Frequently Asked Questions About Active Directory (AD)
Why should I join?
Joining the Office of Information Technology (OIT) Active Directory Infrastructure provides a number of significant benefits. Membership in the central "forest" (group of domains) provides your group with the benefits of integration with many of OIT's other systems; at the same time, your group retains considerable autonomy in its local domain. Specific benefits include:
- Integration with existing services: Services such as authentication, directory, and name resolution are all integrated with the existing OIT infrastructure. That means that once your computer joins the infrastructure, you can simply log in and take advantage of Windows functionality.
- Managed infrastructure: OIT manages and backs up DNS, directory replication, and domain controllers; monitors the environment 24/7; and provides a physically secure environment for domain controllers. The savings in asset costs, as well as reduced support staff overhead, can be significant.
- Increased security: Windows 2003 uses Kerberos, a network authentication protocol designed to provide enhanced security for client/server applications. Recommended best practices and templates also contribute to a safe environment. In addition, both the campus Security Office and the UMD Windows Infrastructure group closely monitor and evaluate computer activity across the campus network.
- Central account management: All single sign-on account creation, deletion, and password reset processes are managed through the Active Directory, the Campus Directory, and the password page. Local administrators will still have full autonomy over local resources but will be relieved of the repetitive tasks of account management. Groups that exist or are created in the campus registry automatically become Windows 2003 security groups. Changes to a person's departmental affiliation are automatically reflected in the Windows Infrastructure.
- Higher availability: Servers will be strategically positioned in different locations on and off campus for redundancy.
- Increased reliability: Greater automation features allow administrators to specify the type of applications to be automatically distributed to users at specific times.
- Enhanced manageability: AD simplifies system management by providing a single, consistent point of management for users, applications, and devices.
- Scalability: Comprehensive directory services provide resource- and information-sharing and extend interoperability, reducing the total cost of ownership.
Is there a cost for joining Active Directory?
There is no cost to join the Active Directory Infrastructure. However, for people who are new to the Windows environment (migrating from Novell) or who are migrating or upgrading software or hardware in existing environments, there will be costs for hardware, software, and licenses.
Will OIT set up a one-way or two-way trust between its AD and already established departmental ADs?
Per Microsoft's best practices, OIT will only establish a trust for the purposes of migrating an existing departmental forest into OIT's AD infrastructure.
How will user accounts be created in AD?
User accounts will be created and synchronized with the campus directory using Microsoft's Identity Lifecycle Manager (ILM) server.
What will I be able to do as an OU administrator?
As an administrator of an Organizational Unit (OU), you will have full administrator rights except for the ability to create user objects (all user management is centrally controlled) and the ability to alter the schema (the schema is shared by all groups in the domain and changes are not reversible).
What services will be offered by OIT to help with migrations from Novell and/or existing Windows environments to OIT's AD?
OIT is currently testing migration tools by Quest Software. Departments will be responsible for the cost of the migration licenses. Departments that currently have server support contracts will not be charged for technicians' time. OIT is in the process of determining costs for departments without a server contract that want to use OIT services to migrate.
Will OIT provide support for Macintosh servers and desktops in Active Directory?
Macintosh servers and desktops will be supported within the Active Directory infrastructure. There are connectivity issues that are resolved with third-party software. Please contact the server group (server-group@umd.edu) for more information.
Will OIT provide connectivity for UNIX and Linux systems to Active Directory resources?
During the initial rollout, we will focus mainly on Windows and Macintosh connectivity to Active Directory. Connectivity for UNIX and Linux systems will be addressed later in 2008.
What is the timeline for deploying Active Directory into production?
The current timeline is for OIT to migrate internal desktops in March of 2008 and open up migrations to campus departments starting in June of 2008.
How should I proceed with bringing my department into the Windows/Active Directory world?
Contact OIT's Windows Server Group (server-group@umd.edu) to set up a meeting to discuss your needs, answer your questions, and get additional information. It is strongly recommended that, before joining the production Active Directory infrastructure, you round up some test computers and join OIT's Windows test forest to get some real hands-on experience running Windows/Active Directory. After you're satisfied that the Windows environment will meet your needs, you can join the Windows production forest.
Where can I find pricing on Microsoft products?
For current pricing on Microsoft products, please check OIT's Site License page at http://www.oit.umd.edu/slic/products/microsoft/
How do I stay informed on the progress of the Active Directory project, meetings, and presentations given by Microsoft and vendors?
To get the latest information on the progress of the project, meetings, and upcoming presentations, you can do the following:
- Subscribe to the Active Directory listserv by sending an e-mail to listserv@listserv.umd.edu and, in the body of the message, typing: sub umd-ad your-first-and-last-name
  For more information on subscribing to a listserv, visit A Basic Guide to Listserv Lists.
- View the status section of the What is Active Directory? webpage for the latest project information.
- Send mail to server-group@umd.edu