In a move that is hopefully invisible to most Lab staff, ITSD has been moving NT4 Master Domain file and print sharing accounts to a new Microsoft Active Directory environment, with the goal of retiring the current NT4 domain by the end of 2004. Windows NT4 is approaching its end of life, NT4 workstations this year and NT4 servers at the end of 2004. More than 80 users have been migrated to Active Directory during the first four months of a highly successful trial deployment.

The move is expected to reduce costs and improve security for users of the systems. Active Directory provides an upgrade path for scientific customers currently using Windows NT4 for file and print sharing. CITG plans to offer a more seamless connection between the Novell eDirectory and Windows Active Directory environments the future, allowing for single username and password between the two systems.

The Active Directory upgrade offers a parallel infrastructure to the existing Novell eDirectory infrastructure to Lab. The Novell infrastructure will continue to be the primary file and print service at the Lab, providing centralized home directories, printing and application distribution for the foreseeable future.

Current plans call for converting individual user accounts on the NT4 master domain as staff in the Mac/PC Support Group (MPSG) are able to identify and make contact with users. The conversion procedure takes less than 30 minutes. Beginning August 1st, CITG only creates new NT4 domain accounts for people with a required need to access NT4 domain information. Those not needing this access will be given an Active Directory account when requesting a domain account.

More complex conversions involving customer-maintained NT4 domains will occur during the next year. The initial focus of these domain migrations has been in Calvin Lab (Physical Biosciences) and Earth Sciences. Current domain administrators will continue to do their work as organizational unit (OU) administrators in Active Directory. An introductory one-day OU management and conversion class has been developed for ITSD support staff and administrators of NT4 environments that want to move forward.

Active Directory represents a cost savings to divisions with their own NT4 infrastructure. Domain controllers will be maintained by ITSD. Windows Active Directory integration with DNS has been configured for the Lab environment. Customers only have to concern themselves with the application and file servers used to support their business. In addition, central support of Active Directory means that the ITSD Help Desk will be able to establish accounts and reset passwords for user, relieving local system administration staff of the burden of these routine jobs.

Finally, with the completion of the Termination Notification System (TNS) rollout, Active Directory accounts can be included in the notification process, improving cyber security by insuring the timely disabling and deleting of accounts for departing staff.

One change that is based more on security policy rather than the conversion to Active Directory involves the use of complex passwords. The Active Directory environment has been set up to require complex passwords (eight or more characters, including upper and lower case letters, numbers and/or special characters). See the Password Guidelines Web page for guidance.