Minutes of Active Directory Committee meetings.
Patrick presented the three domain-wide policies below, which the committee agreed to.
Patrick found that second-level OUs under different root OUs worked fine. An example of this kind of naming would be BF\Accounting and IANR\Accounting.
This brought up the point of computer naming conventions. The current policy was to use the OU prefix for computer accounts. However, in the example above, there would be two Accounting OUs. The solution that was found was to use the root OU prefix for all computers within that OU. This could be further expanded if desired, such as BF-Acct-computername.
Cory reported that his testing of GPO found that the policies don't span objects in different OUs. He tried creating a security group in his OU and applying a GPO to it and it didn't work. Until another solution is found for this, it means that computer labs will have to use generic accounts for security.
Domain controller installation is on hold until the DNS update allowing SRV records is complete.
Eric mentioned that Terminal Server Licensing needs to run on a domain controller. CBA/JDE would be willing to provide a server for this (we could use the server they are currently using to test terminal services).
Student OU policies were discussed. It was agreed that GPO would not be applied to student accounts directly, but rather to the computers they are on. This is because the computer accounts will be controlled by the OU admins, and they won't have rights to the student accounts. Alternatively, generic lab accounts could be used to handle local GPO.
OUs will be set up for testing this week.
Present:
Patrick Menard-Chair
Cory Goesch
Ron Hunt
Shannon Kershaw
Paul Menter
Corrie Svehla
Eric Thomas