Automated Computer Account Management in Active Directory June 2nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram.


1 Automated Computer Account Management in Active Directory
June 2nd, 2009
Bill Claycomb, Systems Analyst, Sandia National Laboratories
Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.

2 Agenda
Background
Motivation
Design and Implementation
Performance
Discussion
Future Directions

3 Active Directory
Localized data store containing information about objects
  – Users
  – Computers
  – Contacts, etc.
Provides information to applications
  – Authentication and access control
  – Contact information
  – Group membership
Uses LDAP Communication Protocol
  – Lightweight Directory Access Protocol

4 Active Directory at SNL
User account objects:
  – 12651 user accounts
  – 2023 service accounts
Group objects:
  – 14024 group objects
Contact objects:
  – 21543 contact objects
Computer objects:
  – 24989 computer objects

5 The Problem
Authoritative data source for computer account information is not Active Directory (AD)
  – SQL Database: Network Information System (NWIS)
Policy requires any object in Active Directory to be in authoritative data source
  – Policy was not enforced
Administrative duplication of efforts
  – Machine records manually entered into database
  – Computer accounts manually entered in AD
  – Computer accounts manually managed in AD once populated

6 Solution
Automate computer account population and management in Active Directory

7 Benefits
Automated population and standardization of account data
  – Ownership
  – Support notes
Reduced administrative overhead
  – Eliminate need for manual account creation
Enable registration policy enforcement
Accurate reflection of actual computer usage
  – Large impact to billing calculations
  – Removal of inactive accounts from AD

8 Implementation - Platform
Application developed using .NET Framework
  – Allows easy interoperability with Active Directory
  – Simple interface with SQL database as well
  – Service easily integrates with existing Windows platform

9 Implementation - Provisioning
Database
  – UniqueID
  – Name
  – Owner
  – Management Info
  – OS
  – Machine roles
  – Etc.
AD
  – UniqueID
  – Name
  – Owner Info
  – OU Location
  – Provisioning Tags

10 Implementation - Management
  – Authorized Accounts
  – Existing Accounts
  – New Accounts
  – Account Changes
  – Expired Accounts

11 Implementation Concerns
How to handle machines no longer authorized to be in Active Directory?
Handle workstations differently than servers?
How to handle machine renames?
How to handle movement of computers between management unit OUs?
  – Machine owner changes locations, and thus changes management unit
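
The management step on slides 10 and 11 amounts to a reconciliation between authorized and existing accounts. The PowerShell below is an added example, not the Sandia application's code: it assumes both sides expose the UniqueID, Name and Owner fields from slide 9, uses constructed records and a hypothetical function name, and only reports a plan without touching Active Directory.

```powershell
# Added example, not code from the presentation. All records are constructed.
# Assumes every authoritative row has a non-empty UniqueID (slide 9 field names).
function Compare-ComputerAccount {
    param([object[]]$Authorized, [object[]]$Existing)

    # Index AD objects by UniqueID; objects without one can never match a record.
    $adById = @{}
    foreach ($e in $Existing) {
        if ($e.UniqueID) { $adById[$e.UniqueID] = $e }
    }

    $seen = @{}
    foreach ($a in $Authorized) {
        $seen[$a.UniqueID] = $true
        $e = $adById[$a.UniqueID]
        if ($null -eq $e) {
            [pscustomobject]@{ Action = 'New'; UniqueID = $a.UniqueID; Name = $a.Name; Detail = "Owner=$($a.Owner)" }
        } else {
            # Matching on UniqueID makes a rename a change, not expire + create.
            $diff = foreach ($f in 'Name', 'Owner') {
                if ($a.$f -ne $e.$f) { "${f}: '$($e.$f)' -> '$($a.$f)'" }
            }
            if ($diff) {
                [pscustomobject]@{ Action = 'Change'; UniqueID = $a.UniqueID; Name = $a.Name; Detail = ($diff -join '; ') }
            }
        }
    }

    # Anything left in AD without an authoritative record is out of policy.
    foreach ($e in $Existing) {
        if (-not $e.UniqueID) {
            [pscustomobject]@{ Action = 'Expired'; UniqueID = $null; Name = $e.Name; Detail = 'No UniqueID in AD' }
        } elseif (-not $seen.ContainsKey($e.UniqueID)) {
            [pscustomobject]@{ Action = 'Expired'; UniqueID = $e.UniqueID; Name = $e.Name; Detail = 'Not in authoritative source' }
        }
    }
}

# Constructed sample data: one unchanged, one renamed, one new, two out of policy.
$db = @(
    [pscustomobject]@{ UniqueID = 'NW-1001'; Name = 'WS-ALPHA';   Owner = 'jdoe' }
    [pscustomobject]@{ UniqueID = 'NW-1002'; Name = 'WS-BRAVO2';  Owner = 'asmith' }
    [pscustomobject]@{ UniqueID = 'NW-1003'; Name = 'SRV-FILE01'; Owner = 'ops' }
)
$ad = @(
    [pscustomobject]@{ UniqueID = 'NW-1001'; Name = 'WS-ALPHA'; Owner = 'jdoe' }
    [pscustomobject]@{ UniqueID = 'NW-1002'; Name = 'WS-BRAVO'; Owner = 'asmith' }
    [pscustomobject]@{ UniqueID = 'NW-0999'; Name = 'WS-OLD';   Owner = 'jdoe' }
    [pscustomobject]@{ UniqueID = '';        Name = 'WS-ROGUE'; Owner = '' }
)
Compare-ComputerAccount -Authorized $db -Existing $ad | Format-Table -AutoSize
```

Keeping the output as a plan leaves the open questions from slide 11 (what to do with unauthorized machines, and whether servers are treated differently) as a separate policy decision applied to the 'Expired' rows.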

12 Future Directions
Automated management of object location
  – Requires consistent OU structure within management units
Feed Active Directory information back to authoritative data source
  – Usage information
  – Logging information

13 Design and Implementation Team
Database
  – Miriam Maldonado
  – Stan Hall
  – Andrew Steele
  – Robbie Evanoff
  – Jim House
Active Directory
  – Bob D’Spain
  – Jason Crenshaw
  – Bill Claycomb

14 Questions
http://www.sandia.gov
wrclayc@sandia.gov

