Difference between revisions of "Active Directory/Overview"
Line 37: | Line 37: | ||
==Domain Restoration== | ==Domain Restoration== | ||
− | + | Backups of all critical WolfTech data occur daily. However, due to the complexity, impact to service, and time required to make any restoration, these backups will only be used in the event of a domain-wide catastrophic failure. Every OU Admin should maintain records of their OUs, GPOs, groups, computer and user accounts with the upmost care. Detailed documentation of these resources is highly recommended should the OU Admin need to recreate any portion of their OU structure. | |
==Schema Extensions== | ==Schema Extensions== |
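Review bot: in the added Domain Restoration paragraph, "upmost care" should read "utmost care". The paragraph also asks every OU Admin to maintain records of their OUs, GPOs, groups, computer and user accounts, but does not say in what form or how often. Since it states that the daily backups are reserved for a domain-wide catastrophic failure, consider naming a minimum record set and interval so that an OU Admin can actually recreate a portion of their OU structure from it.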
Revision as of 10:10, 26 September 2007
The WolfTech Active Directory service is offered to all NC State units for use in managing their Microsoft Windows environment. The following policies should help to provide an overview of the service offered.
User Accounts
The UnityID username/password information for all active students, faculty and staff of the academic units here at NC State University is maintained in the WolfTech domain. UnityIDs are synchronized daily.
Authentication
Users log in to the WolfTech domain with their UnityID username/password. Users can synchronize their passwords or reset their passwords using the regular NCSU Password Change page. All password changes are synchronized in real time.
Non UnityID Accounts
OU Admins can create, delete and modify non-UnityID accounts within their OUs. However, these accounts must follow the naming conventions laid out in the Naming Standards section of this website. OU Admins are responsible for all accounts in their department OU.
Computer Accounts
Whenever an OU Admin joins a computer to the domain, a computer account is created.
We request that ...
We recommend that ...
When a computer is joined to a domain, a computer account is created in that domain. We recommend that the departmental computers be added to the WolfTech domain by first adding the computer name into the departmental OU using the Active Directory Users and Computers MMC.
OU Admins are asked to keep the Computers container empty and have been delegated the permissions needed to move any computer accidentally created there to their own OU.
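One way to check the Computers-container rule above, as an added example that is not part of the original WolfTech documentation. It assumes the ActiveDirectory PowerShell module (RSAT) is installed; the function name `Get-StrayComputer` and the `-TargetOU` value are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

function Get-StrayComputer {
    <# Lists computer accounts that sit directly in the domain's default
       computer container and, if -TargetOU is given, moves them there.
       Supports -WhatIf / -Confirm so a move can be previewed first. #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Distinguished name of the departmental OU (supplied by the caller)
        [string]$TargetOU
    )

    # Ask the domain for its default computer container instead of
    # hard-coding a DN; this also follows a redirected container.
    $container = (Get-ADDomain).ComputersContainer

    $strays = Get-ADComputer -Filter * -SearchBase $container -SearchScope OneLevel `
                  -Properties whenCreated, OperatingSystem

    foreach ($c in $strays) {
        $moved = $false
        if ($TargetOU -and $PSCmdlet.ShouldProcess($c.DistinguishedName, "Move to $TargetOU")) {
            Move-ADObject -Identity $c.DistinguishedName -TargetPath $TargetOU
            $moved = $true
        }
        [pscustomobject]@{
            Name            = $c.Name
            Created         = $c.whenCreated
            OperatingSystem = $c.OperatingSystem
            Moved           = $moved
        }
    }
}

# Report only:
Get-StrayComputer | Sort-Object Created | Format-Table -AutoSize

# Preview a move without changing anything (hypothetical DN):
# Get-StrayComputer -TargetOU 'OU=ExampleDept,DC=example,DC=edu' -WhatIf
```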
Naming Standards
The WolfTech domain follows a naming standard for all computer and user accounts, groups, GPOs, and OUs. Details of the standard are available at the Naming Standards section of this website. Following the standard will prevent any interoperability issues within the domain, and allows for automation of many administrative tasks. All OU Admins must read and follow these standards.
Windows 2003 Forests and Domains
The WolfTech Active Directory is a single forest, single domain model.
Domain Support Model
WolfTech Computer Support maintains all domain controllers required for the WolfTech Active Directory domain. In addition, the central patch management (WSUS) is maintained for any OU not currently running their own -- though these units will be subject to the WolfTech Update Policy and should be sure to review it thoroughly. All central file services, including the domain DFS roots, will also be maintained centrally -- these will be used to provide any university-wide software packages (refer to Software Packages for a complete list of currently available packages).
All other support for departmental and college computers, servers, and unit specific group policies are the responsibility of the OU administrators of those units. Full OU administrative rights have been delegated for this purpose.
WolfTech Computer Support will address any questions or concerns of OU Administrators, but all end user requests or questions should be addressed to the appropriate local Systems Administrator.
Domain Restoration
Backups of all critical WolfTech data occur daily. However, due to the complexity, impact to service, and time required to make any restoration, these backups will only be used in the event of a domain-wide catastrophic failure. Every OU Admin should maintain records of their OUs, GPOs, groups, computer and user accounts with the utmost care. Detailed documentation of these resources is highly recommended should the OU Admin need to recreate any portion of their OU structure.
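One way an OU Admin could keep the records described above, as an added example that is not part of the original WolfTech documentation. It assumes the ActiveDirectory and GroupPolicy PowerShell modules are installed and that the caller can read the OU; the function name, file names, DN and output folder are hypothetical.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy

function Export-OUInventory {
    param(
        [Parameter(Mandatory = $true)][string]$OU,      # DN of the departmental OU
        [Parameter(Mandatory = $true)][string]$OutDir   # folder that receives the records
    )
    $dir    = (New-Item -ItemType Directory -Force -Path (Join-Path $OutDir (Get-Date -Format 'yyyyMMdd-HHmmss'))).FullName
    $gpoDir = (New-Item -ItemType Directory -Force -Path (Join-Path $dir 'GPO')).FullName

    # OU tree, with GPO links (gPLink) and inheritance blocking (gPOptions).
    $ous = Get-ADOrganizationalUnit -Filter * -SearchBase $OU -SearchScope Subtree `
               -Properties Description, gPLink, gPOptions
    $ous | Select-Object DistinguishedName, Description, gPLink, gPOptions |
        Export-Csv (Join-Path $dir 'ous.csv') -NoTypeInformation

    # Groups, one row per member so membership can be rebuilt; empty groups keep one row.
    Get-ADGroup -Filter * -SearchBase $OU -Properties member | ForEach-Object {
        $group   = $_
        $members = @($group.member)
        if ($members.Count -eq 0) { $members = @('') }
        foreach ($m in $members) {
            [pscustomobject]@{
                Group    = $group.DistinguishedName
                Scope    = $group.GroupScope
                Category = $group.GroupCategory
                Member   = $m
            }
        }
    } | Export-Csv (Join-Path $dir 'groups.csv') -NoTypeInformation

    Get-ADComputer -Filter * -SearchBase $OU -Properties Description, OperatingSystem |
        Select-Object Name, DistinguishedName, Description, OperatingSystem, Enabled |
        Export-Csv (Join-Path $dir 'computers.csv') -NoTypeInformation

    Get-ADUser -Filter * -SearchBase $OU -Properties Description |
        Select-Object SamAccountName, DistinguishedName, Description, Enabled |
        Export-Csv (Join-Path $dir 'users.csv') -NoTypeInformation

    # Back up each GPO linked somewhere in the OU tree (unlinked GPOs are not covered).
    $guids = [regex]::Matches(($ous.gPLink -join ''), '\{([0-9A-Fa-f-]{36})\}') |
        ForEach-Object { $_.Groups[1].Value.ToLower() } | Sort-Object -Unique
    foreach ($guid in $guids) { Backup-GPO -Guid $guid -Path $gpoDir | Out-Null }

    $dir   # path of the finished record set
}

# Hypothetical DN and folder; substitute your own.
# Export-OUInventory -OU 'OU=ExampleDept,DC=example,DC=edu' -OutDir 'D:\ad-records'
```

Each run writes a new timestamped folder, so earlier record sets are kept for comparison.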
Schema Extensions
Schema extensions are not to be taken lightly as they cannot be reversed. Any proposed extension must be reviewed and shown to offer improvements for the domain as a whole, or at the very least, not negatively impact the rest of the domain users. Rigorous examination and testing must occur to ensure the stability of the WolfTech domain. All requests to extend the domain schema should be sent to the WolfTech support group.
Trusts between WolfTech and Other NC State Windows Domains
Only one-way, non-transitive trusts will be permitted between WolfTech and other Windows domains. The purpose of such trusts is to facilitate migration of services to the WolfTech Active Directory domain. Their duration will be based on negotiations between WolfTech Computer Support and the OU Admins affected. Two-way trusts between WolfTech and other forests/domains at NC State will not be established.
Roaming Profiles and Individual Logon Scripts
Roaming profiles and logon scripts assigned to individual users are not supported within the WolfTech domain, both because they are very difficult to support within a large domain and in order to limit network traffic *and* time to log in. Active Directory provides other advanced features such as group policies and folder redirection to define the user environment. Refer to the Documentation page for details.
Support Mailing List
Technical support personnel with administrative privileges are required to subscribe to the wolftech-ad@lists.ncsu.edu mailing list, as it is the primary communication method on matters concerning the WolfTech Active Directory domain. It is advised that subscriptions to the activedirectory@lists.ncsu.edu list be maintained as well, due to its use for campus-wide Active Directory issues.
Service Level
The WolfTech Active Directory domain architecture is designed to provide continuous service delivery without interruption or impact due to maintenance or hardware failure. In the event of a service interruption or modification, recovery procedures will be implemented, including notification and resolution.