110 likes | 178 Views
Update to TIMGroup January 2002. Outline. Introduction Where are we now? Where are we going? What can be done to prepare? What are the options?. Introduction. Task Force recommended centralized Active Directory Deployment with migration for Exchange DOT members (upon request) Goals:
E N D
Update to TIMGroup January 2002
Outline • Introduction • Where are we now? • Where are we going? • What can be done to prepare? • What are the options?
Introduction • Task Force recommended centralized Active Directory Deployment with migration for Exchange DOT members (upon request) • Goals: • Robust • Stability after change • Participation optional, compliance necessary • Local control where possible • Supported by VPIT • Team effort
Where are we now? • Design and testing • WINS -> in testing in Rust building • DNS -> in testing in Test Lab (LHL) • Mixture of BIND DNS as now and MS DNS • All Windows 2000/XP machines in ad.uab.edu (uab) domain • CNAME records upon request • Auto-register in DNS if authenticated machine
Where are we now? (2) • AD -> in testing in Test Lab (LHL) • All users in one OU (uabPeople) based on HURS and STARS • Auto-groups / OU groups • 3 Servers for domain uab.edu (uabroot) • 3 Servers for domain ad.uab.edu (uab) • Schema – controlled by committee • Disaster recovery testing • Architected for 2nd site for disaster recovery
Where are we now? (3) • Accounts based on BlazerID/Password • Support (Local Admin, Help Desk, Dell, Microsoft) • Exchange – service differentiation • Licensing (campus license) • Migration • SID Migration (in test lab) • Mailbox movement
Where are we going? • Complete design / testing • Documentation of components • Documentation of policy • Form Active Directory Committee • Review • Internal • External • Test deployment in lab • Deployment of infrastructure • Migrations
What can be done to prepare? • Add users to Blazer directory and build correspondence between BlazerID and user account in NT (tool to help with this if there is a user@uab.edu address) (12.5K of 30-50K) • Move off domain controllers (PDC/BDCs) • Change security to not use the Built-in groups like Everyone and Authorized Users (unless you really mean it!) • Participate in design reviews / discussions
What are the options? • Migration into ad.uab.edu • Standalone • ldap.uab.edu can be used to find e-mails of those in AD as well as (all) others in the University • Other option(s) – Here's Tim!