City-wide Active Directory Project Town Hall II 5/20/2018 6:35 PM Active Directory City and County of San Francisco City-wide Active Directory Project Town Hall II © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Agenda Introductions and Recap Town Hall I Review and Q&A Proposed AD Architecture Proposed Project Timeline Path Forward Questions

Project Update Review: Q&A from Town Hall I Project Status Services Authorizations AD Interfaces Security Policies

Q&A from Town Hall I - Project Status Is the AD infrastructure already in place? How will departments who wish to participate in City-wide AD be incorporated? What is the roll-out plan for departments who wish to participate under the City-wide AD? Site Assessments

Q&A from Town Hall I - Services What are the service offerings? Show how the ability to share resources across departments will be facilitated. If a department already has Windows 2008, can Federation Services be installed?

Q&A from Town Hall I - Authorizations Will this architecture work for sharing drives between departments? Is it possible for departments to access each other’s data using Federation? Under the City-wide AD, how are OU’s authorized to share resources between OU’s?

Q&A from Town Hall I - Interfaces Was it reported that Exchange Online will not support a Federated model? How will eMail be accessed out-of-network ? Is City-wide AD a pre-requisite for Exchange Online?

Q&A from Town Hall I - Security Policies Define auditing and control procedures? How will the forest root enterprise admin credentials be secured? Define how security boundaries (OU) will be scalable and effective. Define how legally mandated network isolation will be supported, e.g. PCI, HIPPA. How will network security and administrative overhead be balanced?

Flat Architecture ARCHITECTURE

City-wide Active Directory Topology Migrate all users into the contoso.com forest, leaving the .treb forest with application servers (a resource forest) in the ca.treb (963 servers) and us.treb (587 servers). New servers would be provisioned into the contoso.com forest, upgrades or refresh of .treb servers can be evaluated on a case by case business.

City-wide Active Directory Federation Migrate all users into the contoso.com forest, leaving the .treb forest with application servers (a resource forest) in the ca.treb (963 servers) and us.treb (587 servers). New servers would be provisioned into the contoso.com forest, upgrades or refresh of .treb servers can be evaluated on a case by case business.

City-wide Active Directory Participation Migrate all users into the contoso.com forest, leaving the .treb forest with application servers (a resource forest) in the ca.treb (963 servers) and us.treb (587 servers). New servers would be provisioned into the contoso.com forest, upgrades or refresh of .treb servers can be evaluated on a case by case business.

PARTICIPATION BENEFITS Architectural Benefits FEDERATED BENEFITS PARTICIPATION BENEFITS PLUS… Authentication Services Services: Certification, File, and Print Standardized Server Builds and Policies Standardized Workstation Builds and Policies Standardized OU Structures Automated Software Distribution Application Support Enterprise Group Policies Security Policies e.g. Access, Password Admin Delegated Administration Preserves autonomy of agency control Better integration, increased security and control of city-wide identities Improved capabilities for Multi- and Inter- Agency Initiatives. City-wide eMail (Exchange Online ) SharePoint Collaborations Web Single Sign-on Access

DT Active Directory Timeline Projects DT Migration Begins DT Migration Completed (with full service availability) Active Directory Infrastructure Built DT to Exchange Online Migrated AD Root Migration Completed Migration from Novell to Active Directory Implement Interface Architecture Baseline Policy definitions, e.g. Security, Server Site Assessments Other city agency rollout Present March 2011 Future DT’s Migration into City-wide AD Services Authentication Services Standard Builds File, Printer Services Certificate Services Group Policies City-wide Wireless

Town Hall II Summary By March, 2011, DT Migration from Novell to Active Directory Implement AD Architecture Baseline Policy definitions, e.g. Security, Server Departmental Survey and Interviews Perform AD/ Email Site Assessments Determine Rollout Schedule w/ other Agencies

City-wide Active Directory Questions