Automated Computer Account Management in Active Directory June 2nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram.

Presentation transcript:

Automated Computer Account Management in Active Directory
June 2nd, 2009
Bill Claycomb
Systems Analyst
Sandia National Laboratories
Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.

Agenda Background Motivation Design and Implementation Performance Discussion Future Directions

Active Directory
Localized data store containing information about objects
  –Users
  –Computers
  –Contacts, etc.
Provides information to applications
  –Authentication and access control
  –Contact information
  –Group membership
Uses LDAP Communication Protocol
  –Lightweight Directory Access Protocol

Active Directory at SNL
User account objects:
  –12651 user accounts
  –2023 service accounts
Group objects:
  –14024 group objects
Contact objects:
  –21543 contact objects
Computer objects:
  –24989 computer objects

The Problem
Authoritative data source for computer account information is not Active Directory (AD)
  –SQL Database: Network Information System (NWIS)
Policy requires any object in Active Directory to be in authoritative data source
  –Policy was not enforced
Administrative duplication of efforts
  –Machine records manually entered into database
  –Computer accounts manually entered in AD
  –Computer accounts manually managed in AD once populated

Solution
Automate computer account population and management in Active Directory

Benefits
Automated population and standardization of account data
  –Ownership
  –Support notes
Reduced administrative overhead
  –Eliminate need for manual account creation
Enable registration policy enforcement
Accurate reflection of actual computer usage
  –Large impact to billing calculations
  –Removal of inactive accounts from AD

Implementation - Platform
Application developed using .NET Framework
  –Allows easy interoperability with Active Directory
  –Simple interface with SQL database as well
  –Service easily integrates with existing Windows platform

Implementation - Provisioning
Database
  –UniqueID
  –Name
  –Owner
  –Management Info
  –OS
  –Machine roles
  –Etc.
AD
  –UniqueID
  –Name
  –Owner Info
  –OU Location
  –Provisioning Tags

Implementation - Management
  –Authorized Accounts
  –Existing Accounts
  –New Accounts
  –Account Changes
  –Expired Accounts

Implementation Concerns
How to handle machines no longer authorized to be in Active Directory?
Handle workstations differently than servers?
How to handle machine renames?
How to handle movement of computers between management unit OUs?
  –Machine owner changes locations, and thus changes management unit
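
One way to express the comparison of authorized and existing accounts from the Management slide, as an added example that is not the Sandia service's code (which was written in .NET). Records are matched on UniqueID, so a rename surfaces as an account change rather than an expired plus a new account; the class shapes, the `unregistered` bucket for accounts without a provisioning tag, the choice to leave OU placement untouched, and the sample data are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class DbRecord:                  # authoritative database row (hypothetical shape)
    unique_id: str
    name: str
    owner: str

@dataclass(frozen=True)
class AdAccount:                 # AD computer object (hypothetical shape)
    unique_id: Optional[str]     # None: no provisioning tag, created by hand
    name: str
    owner_info: str
    ou: str

def reconcile(authorized, existing):
    """Diff authorized records against existing AD accounts, keyed on UniqueID."""
    db = {r.unique_id: r for r in authorized}
    tagged = {a.unique_id: a for a in existing if a.unique_id}
    plan = {"new": [], "changes": [], "expired": [], "unregistered": []}
    for uid, rec in sorted(db.items()):
        acct = tagged.get(uid)
        if acct is None:
            plan["new"].append(rec.name)
            continue
        diff = {}
        if acct.name.lower() != rec.name.lower():
            diff["name"] = (acct.name, rec.name)   # rename, not expire + create
        if acct.owner_info != rec.owner:
            diff["owner_info"] = (acct.owner_info, rec.owner)
        # acct.ou is deliberately not compared: OU placement is left as found
        if diff:
            plan["changes"].append((uid, diff))
    for a in existing:
        if a.unique_id is None:
            plan["unregistered"].append(a.name)    # report only, never auto-delete
        elif a.unique_id not in db:
            plan["expired"].append(a.name)
    return plan

# Constructed sample data, not taken from the presentation
AUTHORIZED = [DbRecord("1001", "WS-ALPHA", "jdoe"),
              DbRecord("1002", "WS-BRAVO2", "asmith"),   # renamed in the database
              DbRecord("1003", "SRV-FILES", "ops")]      # not yet in AD
EXISTING = [AdAccount("1001", "WS-ALPHA", "jdoe", "OU=UnitA"),
            AdAccount("1002", "WS-BRAVO", "asmith", "OU=UnitB"),
            AdAccount("0999", "WS-OLD", "jdoe", "OU=UnitB"),   # gone from database
            AdAccount(None, "LAB-PC", "", "OU=UnitB")]         # never registered

if __name__ == "__main__":
    print(reconcile(AUTHORIZED, EXISTING))
```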

Future Directions
Automated management of object location
  –Requires consistent OU structure within management units
Feed Active Directory information back to authoritative data source
  –Usage information
  –Logging information

Design and Implementation Team
Database
  –Miriam Maldonado
  –Stan Hall
  –Andrew Steele
  –Robbie Evanoff
  –Jim House
Active Directory
  –Bob D’Spain
  –Jason Crenshaw
  –Bill Claycomb

Questions