
Active Directory Structure


Presentation Transcript


  1. Active Directory Structure By Erick Engelke and Bruce Campbell

  2. Starting Point

  3. Top Level Structure

  4. People Organization

  5. People
     • Administered by WatIAM
     • Second account for elevated privileges
     • Elevated account is application-specific
     • E.g. ability to change people’s pay in DB
     • Use of smartcards for some people
     • Like a passport: userids cannot be shared
     • Use other mechanisms to share data
     • Userid/password equivalent to a signature
     • Offer optional lower security account for use on public workstations

  6. Groups Organization

  7. Groups
     • Very useful for managing access to data
     • WatIAM will manage some groups
     • Faculty, staff, student lists
     • Course lists
     • Delegated access to groups OU

  8. Naming Conventions
     • Groups, servers, print queues need names
     • ECE: Electrical & Computer Engineering or Early Childhood Education
     • We need a shared naming convention
     • One of the first duties of the new committee
     • Will look at existing ADS and Nexus naming conventions

  9. Workstations Organization

  10. Workstations
     • Subtree follows organization of university workstation management
     • IST manages many administration PCs
     • Library and residences have their own IT shops
     • Much software purchased and policies set at faculty level
     • Non-Windows machines also in the tree

  11. Unix
     • Use AD for password authentication
     • Possible to use AD to store uids, gids, home directories, shells, etc.
     • Problem: multiple jurisdictions with distinct uid/gid and home directory systems
     • Various possible solutions
     • Use NIS or password files (but not passwords)
     • Virtual directories with different values for each jurisdiction

  12. Macintoshes
     • Many Macs participate in Nexus already
     • Prefer using Apple Open Directory, which is a virtual directory that gets userids/passwords, groups, etc. from AD
     • Called Magic Triangle
     • MacTUG group involvement on Mac-related issues

  13. Software Delivery
     • GPOs, Systems Center, etc.
     • Nexus has a wealth of software packages
     • Would like to move to self-serve for offices
     • Web-based, automated delivery in future
     • Encourage transforms rather than new packaging

  14. Common Applications
     • Software commonly needed
     • Firefox, Acrobat Reader, Flash, etc.
     • Set timetable for updates
     • Have early testers before general release

  15. Security Considerations
     • Continue protective measures on DCs
     • Want VPN to limit access from Internet, wireless, residences, etc.
     • ‘Reverse Turing test’ like CAPTCHAs, audio, etc.: centralized people-tester (Google does this too)
     • Certificates for user signing
     • Two-factor authentication for some

  16. Summary
     • Domain should be as simple as possible while reflecting the structure of UW
     • Future services like video conferencing and digital signing will make use of AD
     • Economize effort, minimize duplication
     • Take the best of ADS and Nexus
