UW Project Charter: Active Directory Consolidation

Introduction

The CTSC subcommittee report on Active Directory Consolidation and Future Governance made four recommendations:

  1. Nexus and ADS should be merged, and the architecture of the new campus active directory should be a single domain model. Departmental and other active directories within the scope of the project should be phased out, with the new campus active directory providing the services required.

  2. The AD Management Committee should be created, and terms of reference developed. The new committee co-chairs can be tasked with requesting additional resources, scheduling meetings, etc.

  3. IST should be responsible for operational management of the core infrastructure for the consolidated active directory. That is, acquisition, hosting, configuration, administration, monitoring, debugging, 7x24 support, disaster recovery, etc., on the set of active directory core servers (e.g., DCs). Engineering Computing will assist with the monitoring and debugging of the directory controllers.

  4. The APIST should, after whatever consultation and information gathering he deems reasonable, make a decision on whether to create a new directory, or merge to an existing directory.

After consultation, the decision as per recommendation 4 is to merge to the Nexus domain.

Scope and Objectives

The objective of this project is to implement recommendation 1, merging Nexus and ADS, and providing the services in that single domain architecture to enable the phasing out of other applicable active directory domains on campus.

In working towards this objective, the project team works under the direction of the AD Management Committee and develops the processes such that IST is capable of assuming the responsibility for operational management of the consolidated active directory.

Outline of Work

The project team and the AD Management Committee must establish an outline of the work involved in merging and determine priority areas and order of work effort. The following technology areas should be considered in determining the outline of work:
  • establishment of OrganizationalUnit (ou) hierarchy
  • establish sound security practices for AD infrastructure itself and for services provided
  • considerations for workstations, equipment used by users to obtain services
  • migration of workstations from current ADS domain into Nexus domain
  • image build(s) for adding new workstations to Nexus domain
  • ensuring all people are present in Nexus, and provisioned by WatIAM
  • considerations for groups, both provisioned by WatIAM and other methods
  • establish naming conventions for groups, devices, workstations, servers, printers, group policies, etc.
  • use of IST server infrastructure to manage the environment, including login, application and controller logs
  • software delivery considerations for site-licensed, individually licensed and freely available software
  • software update strategies
  • servers hosted in the domain
  • migration of applications hosted on servers

Project Deliverables

The primary project deliverable is one active directory that includes all members of the campus community and hosts the workstations in computing labs and offices for a highly significant percentage of the facilities at the University of Waterloo.

By including these two elements, services in the areas of workstation management, software distribution, authentication services, group policies, etc. can be provided from a single source to most, if not all, of the campus community.

Also, by merging the Nexus and ADS directories, the delivered Active Directory is intended to be ready to directly provide necessary services to other groups who currently manage other AD directories on campus.

Timing

Subject to discussion of timelines for individual areas of work to be completed, the project should have an overall objective of achieving two milestones by May 1, 2011:
  1. Most employee logins from individual workstations to the Nexus domain
  2. IST assumes responsibility for operational management of Nexus

Constraints, Assumptions, Risks

Both the ADS domain and the Nexus domain will be providing production level services to the campus community during this transition phase. Change must be carefully managed.

Information Systems and Technology and Engineering Computing are committed to achieving a merged directory and will seek consensus solutions for resolving technology differences between the current ADS and Nexus domain implementations. Where consensus is not achieved in a reasonable time period, such issues will be identified clearly and referred to the AD Management Committee for resolution.

Information Systems and Technology and Engineering Computing both recognize this is a strategic priority for the University of Waterloo and will provide staff time and priority to complete the project in a timely manner. Both the AD Management Committee and the Computing Technology and Services Committee (CTSC) will be provided with regular updates.

Project Team

Project Lead: Martin Timmerman (IST)
Project members: Daniel Delattre (Engineering Computing), Erick Engelke (Engineering Computing), Dave Hinton (IST), Manfred Grisebach (IST), Sean Mason (IST), Hon Tam (Engineering Computing), Jason Testart (IST)

AD Management Committee: Erick Engelke (co-leader, Engineering Computing), Martin Timmerman (co-leader, IST), Bruce Campbell (IST), others TBD

Review Team: Computing Technology and Services Committee (CTSC)


Last updated by Martin Timmerman on Thursday, 21-Oct-2010 11:45:37 EDT