Identity & Access : Information Services
---

Active Directory Remediation

Updates

November 2008:

The AD remediation work to implement IPTel is now underway or substantially complete. A number of service improvements have been delivered, or will be delivered in the next few weeks. The IDMS project will continue to implement directory improvements as it progresses.

AD_November2008_update.pdf

 

 

Drivers

(Active Directory Remediation Overview Document)

There is no enterprise strategy for the ongoing maintenance of the Active Directory (AD) infrastructure at the University. This is now on a critical path, as new services such as Unified Communications, IP Telephony and enhanced Exchange functionality cannot be delivered effectively. In addition, the changing face of the University requires new and more flexible services, such as the desegregation of staff and student accounts and functionality.
In consultation with Microsoft, the AD vendor, Identity & Access and the UC Program will schedule work to remediate the AD, with a focus on the following areas:

  • Definition of roles and responsibilities
  • Documentation of processes and procedures, including change control
  • Standardising naming conventions, Group policy and logon scripts
  • Building a delegation model that is scalable and robust
  • Unifying desktop and user provisioning
  • Automating the population and maintenance of the AD
  • Maintaining a Directory Service
  • Implementing and improving Monitoring, Auditing and DR capability

The methodology for the work will be a consultative, project-based methodology, drawing on the proven track record of previous projects such as the eXchange project.

There is an absolute requirement to have at least the OU restructure (for the departments that are having IPTel implemented) and the automation of attribute flow completed in time for the IPTel Pilot in November.

 

Scope

As outlined above, following from the Microsoft report, and the observations of the I&A team, there are a number of tasks that must be undertaken to improve the AD. These tasks are a reasonable summary of the scope of work for the project. The tasks, in a rough chronological order, or order of precedence, are:

  • Governance / Policies
    a. Document Roles & Responsibilities
    b. Review / Redesign Delegation Model
    c. Review Naming Standards / Policies
    d. Documentation of Tasks/Procedures – Service Management to Data Management
  • OU Re-Structure
  • Monitoring/logging and DR/security setup 
  • GPO and Faculty/Departmental logon scripts, depending on the Re-Structure, due to the reduction in Local IT rights (e.g. for provisioning of home folders)
  • Automated attribute flow from ARS (using Tibco)
  • Domain Consolidation – Merging of student domain
  • DDNS - Domain Name Rename (Remove dependency on BIND DNS – Split Root name of Unimelb)

* Items highlighted in bold are the minimal requirements for IPTel.

The tasks fall into a few areas. The first split highlights two main pieces of work: remediation, and population/ongoing integration. The remediation tasks are the Governance / Policies tasks, the OU Re-Structure and monitoring/logging; the ongoing tasks are GPO/logon scripts and automating the attribute flow.
The next categorisation is into groups of like tasks. These are organisational tasks (e.g. the Governance / Policies tasks), restructure tasks (e.g. the restructure and domain consolidation) and service management tasks (e.g. attribute flow, monitoring/logging and DR).

Timeframe

The timeframe for the work is driven in part by the implementation of the UC program. It is expected that, at a minimum, the OU restructure (for at least the departments that are having IPTel implemented) and the automation of attribute flow are completed in time for the IPTel Pilot in November, with an absolute requirement to have the AD capable of fully supporting IPTel by February, when the system goes live in the new Eco&Comm building.


Plan

Active Remediation_Plan.pdf

 

Deliverables

 

Roles & Responsibilities

The updated document is located at: Roles & Responsibilities

Provisional Naming Standard

Provisional Naming Standard is located at: Naming Standard

OU Structure

Overview of new OU structure

AD Tool

The Active Directory tool chosen is Quest's ActiveRoles Server (ARS). More information about this will be published shortly.

http://www.quest.com/activeroles-server/

FAQ

 

 
