AD Committee Meeting
September 10, 2002
Attendees:
John Sawyer Environmental Horticulture
Mark Palmer Provost
Mark Ross Plant Pathology
Kevin Hill Immokalee
Mike Kanofsky ITNS
Joe Hayden FACOPS
Steve Lasley Entomology
David Ayers IT/District Support
Dwight Jesseman IT
Dean Delker IT/NS
Sherry Hays College of Agricultural and Life Sciences
Jarrod Morgan College of Agricultural and Life Sciences
Jack Kramer Ft. Lauderdale via streaming audio
Old Business:
Previous meeting minutes were approved. An update on the IFASDOM environment enumeration was not covered due to Tim and Chris not attending the meeting.
Questionnaire: Sherry will put together a tally of answers that were given. Editorialize it.
Project documentation: Steve mentioned that he had added a few links to the web page “Links to AD articles”. Enumeration results by domain and AD development and Testing were added.
Project timeline – Kevin gave a brief overview of the timeline. Steve mentioned that we will be working on a preliminary budget for the next ITPAC committee meeting in October. Steve said that we should probably come up with a dollar amount for the servers we will need up front to set up testing of the AD project. Steve mentioned that we needed to add Security Policy and work with UF concerning configuration changes. Mark suggested that we ghost the Meta directory timeline over the timeline Kevin put together. Obtaining a consultant was brought up and UF put together a draft proposal asking for personnel, office, machines, IFAS wouldn’t have to worry about the root. Kevin said that the timeline was very basic – can be added to as we go along.
New Business:
Preliminary Budget
Hardware – rather than specking out machines, we need to figure out how many machines we need first. Initially, two servers for root, two machines for global directory. Need super robust machines – buy a machine and replace with more robust machine and move the first machine down to other department.
Opened up the Proposed AD Budget template to fill out as we talk. The template can be found at: \\ad.ufl.edu\ifas\PRIVATE\ICC\OldADplanningShare\ProposedADBudget1.xls
If you have a UF root and have three domains below that, if you don’t populate UF root with Exchange 2000 (global catalog), it has to tie to a level above. You have to have them talking to each other.
Kevin asked Mike to look into the Exchange 2000 idea, see what the advantage will be. There are definitely advantages to build it in to the AD rollout. Mike will look into licensing prices and hardware cost.
Do we need to budget for WinNet, other miscellaneous software?
There was talk of breaking down the Domain Controllers into domain and print sharing servers. We may need to look into increasing the CIR’s in the IT computer room.
Claude’s contribution – find out what it would cost to bring up all REC’s to current T1 connections.
FTEs – support personnel.
SMS (system management server) – need more personnel – recommend at least 6 people to keep this up. These will be recurring costs.
SQL software –
Training – bring in someone from outside to teach AD campus-wide. 5 day classes – price? Three sessions – 20 people each.
Get a test environment set up and get training and go into the test environment immediately. Make each class customized.
Consultant – maybe have a person from another land grant university that has recently gone through an AD migration come and tell us what really happened with their installation.
Put out a query asking if there is anyone here at UF that has extensive knowledge on AD to see if they would consult with us on AD.
Continued AD Design Discussions:
Kevin brought up on the screen an empty root for win.ufl.edu that you would populate with OU containers for student (and Faculty/staff accounts).
Make the names of each domain reflect correct name of department. Or, just make each branch domain 1, domain 2, etc.
It was mentioned to keep the users and domain spaces separate for security purposes. The Stanford proposal could be included in the UF proposal with duplication in the Stanford proposal, but would allow domain controllers to go either through the user or the OU to make updates and/or changes.
Upon delegating control to domains, they (using the above proposal) will now have authentication in two domains instead of one domain only. Will depend on naming conventions (administrator ID or group) (i.e. use a certain format, identifier, enterprise admin).
Will not have single sign-on until we have a global directory with id and full name.
Security needs to be wrapped up before GatorLink will be secure (changing passwords, etc.). People who do not work for UF will have local accounts set up for them.
Dot.net throws in cross forest trusts. Other domains are transitive.
Another proposal on the AD tree would be to have all the users in a local domain. Put all students in the root.
Steve has not seen a design that populates user containers with an external source. He asked everyone to look around and see if they can find a proposal that shows this.
We need a contact that can answer questions about Kerberos, ask them to attend our next meeting.
Assignments:
Kevin and Mike are going to look at different site topologies.
Kevin asked Mike to look into the Exchange 2000 idea, see what the advantage will be. There are definitely advantages to build it in to the AD rollout. Mike will look into licensing prices and hardware cost.
Claude’s contribution – find out what it would cost to bring up all REC’s to current T1 connections.
Sherry is going to work on questionnaire summary.
We need enumeration.
Training opportunities – need costs.
Next meeting date is October 8th.
Meeting was adjourned.