Minutes of Active Directory Committee meetings.

CBA/JDE-Aug 1st

CIT-Aug 1st

JDE-Full Deployment

120 Student Laptops

10-20 Faculty

10 Staff

10 Servers (including Terminal Server)

CBA Labs

5 Graduate Labs (20 computers)

CoeLab (130 users)

CIT

150 lab machines

The first issue discussed was the location of student accounts in the AD. One proposal was for students to be assigned to OUs by college (CBA, Arts & Sciences, etc). This would allow each college-level OU administrator to reset passwords, assign rights to users, and further delegate authority over student accounts within their OU.

A problem with this method would be granting rights to students outside of their college. One other problem mentioned was that a student calling the helpdesk would get referred to another tech support number depending on what college they were in.

Alternatively, the student accounts could be located in a single root-level OU. Only the domain administrators would have full access to this OU, so this method prevents any permanent changes to student information. The IS helpdesk could be given rights to reset any student passwords. Each OU administrator could then assign students to local OU groups to grant access. The group consensus was that the second option was preferable.

After further research and testing, it was found that the Win2k research groups initial recommendation regarding password policies was invalid. Password policies can only be set at the domain level, so an agreement was reached as follows:

• No history
• Minimum age = 0
• Maximum age = 0
• Minimum length = 6
• No forced complexity

Can second-level OUs under different root-level OUs have the same name?

Present:

Patrick Menard-Chair
Mike Davison
Matt Foreman
Cory Goesch
Ron Hunt
Paul Menter
Corrie Svehla
Eric Thomas