Upload
louvain
View
51
Download
2
Embed Size (px)
DESCRIPTION
Windows 2000. Arizona State University Windows 2000 Infrastructure Mehran Yahya Information Technology Patricia M. Schneider Information Technology – East. Windows 2000. Brief History of the Windows 2000 Project Project kickoff in April 1999 - PowerPoint PPT Presentation
Citation preview
Windows 2000Windows 2000
Arizona State UniversityWindows 2000 Infrastructure
Mehran YahyaInformation TechnologyPatricia M. Schneider
Information Technology – East
Windows 2000Windows 2000
Brief History of the Windows 2000 Project– Project kickoff in April 1999
Participating Units – College of Engineering, ASU West, ASU East, Information Technology
– Expansion of the project Other units joined the project Created various subcommittees
– AD Model, Kerberos, Migration, Service Level Agreement, Student Domain, Dfs, Group Policy, Documentation, Exchange 2000, QA Environment
Windows 2000Windows 2000
Development of the test models– Several variations of forest/domain
infrastructures
Windows 2000Windows 2000
Review by a Microsoft Consultant (August 2000)
http://www.asu.edu/it/w2k/documents.html
Windows 2000Windows 2000
Final production model defined (September 2000)
Windows 2000Windows 2000
Implemented empty root domain in production (September 2000)– AD.ASU.EDU– Provides a secured environment for schema
management
Windows 2000Windows 2000
Implemented the ASURITE domain (October 2000)– ASURITE.AD.ASU.EDU– Upgraded existing Windows NT 4.0 ASURITE
domain to Windows 2000– Approximately 12,000 current accounts
8,200 current Exchange mailbox accounts
– Faculty/staff– Student workers with Exchange accounts
Windows 2000Windows 2000
Created a Development Environment– TAD– TASURITE– TASUSTUDENT
Windows 2000Windows 2000
Created a Quality Assurance Environment– QAAD– QAASURITE– QAASUSTUDENT
Windows 2000Windows 2000
Created a Production Student Domain– ASUSTUDENT
Windows 2000Windows 2000
ASU-West domain creation ASU-West student domain creation ASU-East domain creation
Windows 2000Windows 2000
Established a trust between the current MIT v5Kerberos domain and the Windows ASUADdomain
– Use of Kerberos authentication for student sites– Populated the ASUAD domain with all active
Kerberos IDS (approximately 91,000)– Necessary to allow child domains use of the
Kerberos accounts– Name mappings between ASUAD accounts and
Kerberos domain accounts– Work around for licensing in labs and classrooms
Windows 2000Windows 2000
(EAST)EAST.AD.ASU.EDU
Site = M AIN
Schema,Domain Naming,
PDC, GC
(ASUAD)AD.ASU.EDU
PDC,GC
GCRID,Inf.
Master
(ASURITE)ASURITE.AD.ASU.EDU
PDC,GC
RID,Inf.
Master
(STUDENT)ASUSTUDENT.AD.ASU.EDU
PDC, RID,Inf. Master, GC
GC
(ASUW EST)W EST.AD.ASU.EDU
(W ESTSTUDENT)W ESTSTUDENT.AD.ASU.EDU
Arizona State University Active Directory ForestForest Root Domain Name = AD.ASU.EDU
Site = M AIN
Site = WEST
PMS 2/14/2003
ASU Windows 2000 Domain Structure (2/14/2003)
M IT v5Kerberos
3
21
GCPDC, RID,Inf. Master
1 2
PDC,RID,GC
InfrastructureMaster
1 2
Inf.Master
RID,GC
21
321 21
AD1: ECA2: BAC3: Old Main
ASURITE1: ECA2: Old Main3: BAC
STUDENT1: ECA2: BAC
Windows 2000Windows 2000
Development of the Service Level Agreement (April 2001)- Outlined IT responsibilities for maintaining the
infrastructure
- Outlined four options that a unit can choose from for its environment
Responsibilities vary depending on the option selected
– http://www.asu.edu/it/w2k/documents.html
Service Level AgreementService Level Agreement
Implement in Development and QA before going to Production
Redundant Domain Controllers Microsoft Operations Manager
- Replication within a Domain
- Replication between Sites Disaster Recovery 24/7 On-call Support
Windows 2000Windows 2000
SLA – Option 1– Resource Management via Organizational Unit(s)
in the ASURITE.AD.ASU.EDU or STUDENT.AD.ASU.EDU Domains
Windows 2000Windows 2000
SLA – Option 2– Member Server(s) in the ASURITE.AD.ASU.EDU
or STUDENT.AD.ASU.EDU Domains
Windows 2000Windows 2000
SLA – Option 3– Separate Domain (child/peer) – Campus /
College / VP Level Units Only
Windows 2000Windows 2000
SLA – Option 4– Separate Forest
Windows 2000Windows 2000
Requesting to Join the AD.ASU.EDU Forest Requesting DNS Services for a New Forest Requesting Restore of Active Directory
Objects Requesting Service Authorization / Delegation Non-Compliance Service Level Agreement Form Submission
– http://www.asu.edu/it/w2k/documents.html
Account Creation ProcessAccount Creation Process
AP Process – Primary Process for Account Creation ASUAD Domain
- All Active IDs ASURITE Domain
- Faculty, Staff and Student Workers w/Exchange Student Domain
- No Accounts East and West Domains (their own IDs)
Account Creation ProcessAccount Creation Process
Dept./College
HRMS
HR
SIS
AP
Affiliate DB
John Smith
Automated process createsjsmith user ID
DNS and DHCPDNS and DHCP
NetID ver 4.2.2 from Nortel Networks4 DNS Servers; 1 Primary and 3
BackupUpdate SRV Records for Domain
Controllers2 Campus DHCP Servers
DNS and DHCPDNS and DHCP
DHCP
Sunfire 150
Primary DHCP
Server Manager for DHCP Servers
ASUDNS3
Netra 10
DNS
ASUDNS2
Netra 10
DNS
Server Manager for DNS Servers
ASUDNS1
Netra 10
DNS
ASUDNS4
Sunfire 280R
Primary DNS
Application Server Sybase Database Backup DHCP
DNS and DHCPDNS and DHCP
Web BrowserApplication
Server
DNSServer
DNSServer
DNSServer
DHCPServer
ServerManager(process)
Database
ServerManager(process)
DNS and DHCPDNS and DHCP
Do not register Workstations or Member Servers in DNS
OU Creation and SecurityOU Creation and Security
OU Creation and Delegation
- Default Groups
- Delegate Administrative AuthorityACL and Security
- OU Access/View using MMC
Windows 2000Windows 2000
Exchange 2000– Member servers in the ASURITE.AD.ASU.EDU
domain– Uses active directory for global address list– Distribution lists– Attribute population
Windows 2000Windows 2000
Windows 2003– Wait until the end of summer to begin
testing– Setting up a testing environment
SMS 2003– Testing is beginning– For more information, contact Russ Mohn
Windows 2000Windows 2000 Additional resources
– ASU Windows 2000 web page http://www.asu.edu/it/w2k/documents.html
– Active Directory – 2nd Edition O'Reilly & Associates, Paperback, 2nd edition, Published
April 2003, ISBN 0596004664 – Windows 2000 Group Policy, Profiles and IntelliMirror
Sybex / 2001 / 0782128815 – Microsoft web page– TechNet– MSDN