Windows 2000: Arizona State University Windows 2000 Infrastructure

Mehran Yahya, Information Technology
Patricia M. Schneider, Information Technology – East


Page 1: Windows 2000

Windows 2000

Arizona State University Windows 2000 Infrastructure

Mehran Yahya, Information Technology
Patricia M. Schneider, Information Technology – East

Page 2: Windows 2000

Windows 2000

Brief History of the Windows 2000 Project
– Project kickoff in April 1999
  Participating Units
  – College of Engineering, ASU West, ASU East, Information Technology
– Expansion of the project
  Other units joined the project
  Created various subcommittees
  – AD Model, Kerberos, Migration, Service Level Agreement, Student Domain, Dfs, Group Policy, Documentation, Exchange 2000, QA Environment

Page 3: Windows 2000

Windows 2000

Development of the test models
– Several variations of forest/domain infrastructures

Page 4: Windows 2000

Windows 2000

Review by a Microsoft Consultant (August 2000)

http://www.asu.edu/it/w2k/documents.html

Page 5: Windows 2000

Windows 2000

Final production model defined (September 2000)

Page 6: Windows 2000

Windows 2000

Implemented empty root domain in production (September 2000)
– AD.ASU.EDU
– Provides a secured environment for schema management

Page 7: Windows 2000

Windows 2000

Implemented the ASURITE domain (October 2000)
– ASURITE.AD.ASU.EDU
– Upgraded existing Windows NT 4.0 ASURITE domain to Windows 2000
– Approximately 12,000 current accounts
  8,200 current Exchange mailbox accounts
  – Faculty/staff
  – Student workers with Exchange accounts

Page 8: Windows 2000

Windows 2000

Created a Development Environment
– TAD
– TASURITE
– TASUSTUDENT

Page 9: Windows 2000

Windows 2000

Created a Quality Assurance Environment
– QAAD
– QAASURITE
– QAASUSTUDENT

Page 10: Windows 2000

Windows 2000

Created a Production Student Domain
– ASUSTUDENT

Page 11: Windows 2000

Windows 2000

ASU-West domain creation
ASU-West student domain creation
ASU-East domain creation

Page 12: Windows 2000

Windows 2000

Established a trust between the current MIT v5 Kerberos domain and the Windows ASUAD domain
– Use of Kerberos authentication for student sites
– Populated the ASUAD domain with all active Kerberos IDs (approximately 91,000)
– Necessary to allow child domains use of the Kerberos accounts
– Name mappings between ASUAD accounts and Kerberos domain accounts
– Workaround for licensing in labs and classrooms

Page 13: Windows 2000

Windows 2000

[Figure: ASU Windows 2000 Domain Structure (2/14/2003). Arizona State University Active Directory Forest, Forest Root Domain Name = AD.ASU.EDU. Domains shown: (ASUAD) AD.ASU.EDU, (ASURITE) ASURITE.AD.ASU.EDU, (STUDENT) ASUSTUDENT.AD.ASU.EDU, (EAST) EAST.AD.ASU.EDU, (ASUWEST) WEST.AD.ASU.EDU, (WESTSTUDENT) WESTSTUDENT.AD.ASU.EDU. Sites: MAIN, WEST. Also shown: MIT v5 Kerberos. Domain controllers are labeled with their roles (Schema, Domain Naming, PDC, RID, Infrastructure Master, GC). Domain controller locations: AD 1: ECA, 2: BAC, 3: Old Main; ASURITE 1: ECA, 2: Old Main, 3: BAC; STUDENT 1: ECA, 2: BAC. PMS 2/14/2003.]

Page 14: Windows 2000

Windows 2000

Development of the Service Level Agreement (April 2001)
- Outlined IT responsibilities for maintaining the infrastructure
- Outlined four options that a unit can choose from for its environment
  Responsibilities vary depending on the option selected
  – http://www.asu.edu/it/w2k/documents.html

Page 15: Windows 2000

Service Level Agreement

Implement in Development and QA before going to Production
Redundant Domain Controllers
Microsoft Operations Manager
- Replication within a Domain
- Replication between Sites
Disaster Recovery
24/7 On-call Support

Page 16: Windows 2000

Windows 2000

SLA – Option 1
– Resource Management via Organizational Unit(s) in the ASURITE.AD.ASU.EDU or STUDENT.AD.ASU.EDU Domains

Page 17: Windows 2000

Windows 2000

SLA – Option 2
– Member Server(s) in the ASURITE.AD.ASU.EDU or STUDENT.AD.ASU.EDU Domains

Page 18: Windows 2000

Windows 2000

SLA – Option 3
– Separate Domain (child/peer) – Campus / College / VP Level Units Only

Page 19: Windows 2000

Windows 2000

SLA – Option 4
– Separate Forest

Page 20: Windows 2000

Windows 2000

Requesting to Join the AD.ASU.EDU Forest
Requesting DNS Services for a New Forest
Requesting Restore of Active Directory Objects
Requesting Service Authorization / Delegation
Non-Compliance
Service Level Agreement Form Submission
– http://www.asu.edu/it/w2k/documents.html

Page 21: Windows 2000

Account Creation Process

AP Process – Primary Process for Account Creation
ASUAD Domain
- All Active IDs
ASURITE Domain
- Faculty, Staff and Student Workers w/Exchange
Student Domain
- No Accounts
East and West Domains (their own IDs)

Page 22: Windows 2000

Account Creation Process

[Figure: account creation flow. Labels shown: Dept./College, HRMS, HR, SIS, AP, Affiliate DB, John Smith. Caption: Automated process creates jsmith user ID.]

Page 23: Windows 2000

DNS and DHCP

NetID ver 4.2.2 from Nortel Networks
4 DNS Servers; 1 Primary and 3 Backup
Update SRV Records for Domain Controllers
2 Campus DHCP Servers

Page 24: Windows 2000

DNS and DHCP

[Figure: DNS and DHCP servers. Labels shown: ASUDNS1, ASUDNS2, ASUDNS3 (each Netra 10, DNS); ASUDNS4 (Sunfire 280R, Primary DNS); DHCP (Sunfire 150, Primary DHCP); Server Manager for DNS Servers; Server Manager for DHCP Servers; Application Server; Sybase Database; Backup DHCP.]

Page 25: Windows 2000

DNS and DHCP

[Figure: DNS and DHCP management components. Labels shown: Web Browser, Application Server, Database, Server Manager (process) (two instances), DNS Server (three instances), DHCP Server.]

Page 26: Windows 2000

DNS and DHCP

Do not register Workstations or Member Servers in DNS

Page 27: Windows 2000

OU Creation and Security

OU Creation and Delegation
- Default Groups
- Delegate Administrative Authority
ACL and Security
- OU Access/View using MMC

Page 28: Windows 2000

Windows 2000

Exchange 2000
– Member servers in the ASURITE.AD.ASU.EDU domain
– Uses Active Directory for global address list
– Distribution lists
– Attribute population

Page 29: Windows 2000

Windows 2000

Windows 2003
– Wait until the end of summer to begin testing
– Setting up a testing environment

SMS 2003
– Testing is beginning
– For more information, contact Russ Mohn

Page 30: Windows 2000

Windows 2000

Additional resources
– ASU Windows 2000 web page: http://www.asu.edu/it/w2k/documents.html
– Active Directory, 2nd Edition, O'Reilly & Associates, paperback, published April 2003, ISBN 0596004664
– Windows 2000 Group Policy, Profiles and IntelliMirror, Sybex, 2001, 0782128815
– Microsoft web page
– TechNet
– MSDN