Integration with Active Directory, Ugla and Unix


University of Iceland
Reiknistofnun Háskóla Íslands

Presented by: Anil Thapa, Siggi Som, Ragnar Stefan, Elias Halldor
RHI: Anil Thapa, Jan, 2007
Agenda
  • Current issues
  • Windows NT (brief)
  • User creation method (existing, mainly how)
  • Context diagram of the user creation method
  • Testing outcomes, problems and difficulties
  • New approach and context diagram
  • New strategy selection
  • User structure in AD and UNIX
  • User effects
  • Ugla: LDAP changes and structure (Ragnar)
  • Changes in UNIX (Magnus/Elias)
  • New domain structure and future attachments
  • Questions and answers?

Current Issues

  • Two user accounts per user (staff): a regular user and an administrator.
    Administrators = total users (e.g. for installing software, changing settings, etc.);
    say 10,000 users = 10,000 admins (not good).
  • All log on locally (network drives are mapped with local logon scripts).
  • Computers are not joined to the domain.
  • Only the computer labs are joined to the RHI (NT) domain.
  • Policies are applied locally (user/computer).
  • Difficulties in patch management and software deployment.
  • Lacking in central management.
  • Unmanageable due to user demands for new requirements, e.g. constant updates and advanced software (AutoCAD).
  • Many scripts to run on individual systems (e.g. Unix, etc.).
Windows NT (Brief)

  • Fully functional (no problem in the existing infrastructure).
  • Works only as an interface for domain users.
  • Has a PDC / BDC infrastructure.
  • Approximately 16,000 users in the same container.
  • Old system (Microsoft NOS generation).
  • New features not supported, e.g. patch management, GPOs.
  • Microsoft has discontinued releasing updates.
Users Creation

How are users created in the Windows domain?

[Diagram: user creation flow across Process A, B, C and D, involving Ugla, user details in txt files, and the NT (RHI) domain. Symbols: operating systems, data replicator.]

  • Ugla has been used to create users in the NT domain and to generate passwords;
    hence users are not created directly in the NT domain.
  • User modification has also been dealt with via Ugla.

  • Too many scripts to run.
  • Slower process.
  • Creation takes time due to the many systems involved.
  • The user has to wait for some time.
New Approach:

  • Use Ugla to add users to the LDAP server.
  • The LDAP server then distributes (synchronizes) to the other systems.
  • Set up Fedora Directory Server (FDS) with the proposed ...
  • Implement Active Directory.
  • Migrate users + passwords from UNIX and synchronize with FDS.
  • Discontinue the RHI domain (NT); start using CS.

[Diagram: Process A: Ugla feeding UNIX, Samba, Active Directory and other systems. Symbols: operating systems, data replicator, processes.]

Benefits:
  • Saving time for (software) engineers.
  • Ease in software deployment, patch management and policy.
  • Central administration.
Problems and Difficulties:

CAT – 1
  • Finding root cause analysis in creating users (at least in my team).
  • Lacking in understanding of the current user creation method.

CAT – 2
  • Passwords did not synchronize with LDAP and Active Directory
    (existing users), i.e. the systems use different algorithms.
  • Many alternative methods were used to make the new approach work.
  • After numerous tests, we concluded with a different route.

[Diagram: Process A to D: Ugla, LDAP, UNIX, Samba, Active Directory, other systems. Symbols: operating systems, data replicator.]

Q: Why did it take so long?
   Well!! Many reasons (a unique method was being implemented).
New Strategy selection

Three techniques discussed:
  1. Capturing passwords from Ugla and appending them to Active Directory.
  2. Manual password change (tedious work).
  3. Write a program (for Ugla) that can create users in Active Directory
     (migrate existing users + passwords from NT to AD).

[Diagram: Ugla, UNIX, LDAP.]

Successful Results
  • Adopted solution number 3: it fitted perfectly into the systems.
Users structure in Active Directory
  • Made similar to Unix.
  • All groups in UNIX become OUs in Active Directory (Magnus's final list of total groups and OUs).
  • Users are created directly in the relevant OU (AD).
  • Users are activated as soon as they are created in the OU.
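The two ideas above, a program that creates users in Active Directory (solution 3 of the strategy slide) and a Unix-group-to-OU layout, as an added example; this is not the Ugla program or any code from the talk. It parses constructed passwd/group lines, resolves each user's primary Unix group to an assumed AD OU under a placeholder domain (GROUP_TO_OU, BASE_DN and UPN_SUFFIX are assumptions, not values from the slides), and emits LDIF that creates the user in that OU and then enables it. Users whose group has no OU are reported rather than silently dropped.

```python
from collections import namedtuple

# Constructed sample input in /etc/passwd and /etc/group format (not real accounts).
PASSWD_LINES = """\
jonj:x:1001:2001:Jon Jonsson:/home/jonj:/bin/bash
annak:x:1002:2002:Anna Karlsdottir:/home/annak:/bin/tcsh
orphan:x:1003:9999:No Mapped Group:/home/orphan:/bin/sh
"""
GROUP_LINES = """\
staff:x:2001:jonj
students:x:2002:annak
"""

# Assumed Unix group -> AD OU mapping and placeholder domain (the talk's real
# list is Magnus's; the CS domain's DNS name is not on the slides).
GROUP_TO_OU = {"staff": "OU=Staff", "students": "OU=Students"}
BASE_DN = "DC=cs,DC=example"
UPN_SUFFIX = "cs.example"

# Real userAccountControl flag values.
UAC_NORMAL_ACCOUNT = 0x0200   # 512
UAC_ACCOUNTDISABLE = 0x0002   # 2

UnixUser = namedtuple("UnixUser", "name uid gid gecos home shell")


def parse_passwd(text):
    """Parse passwd-format lines; blank lines and comments are ignored."""
    users = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, gecos, home, shell = line.split(":")
        users.append(UnixUser(name, int(uid), int(gid), gecos, home, shell))
    return users


def parse_groups(text):
    """Parse group-format lines into {gid: group name}."""
    gid_to_name = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, _members = line.split(":")
        gid_to_name[int(gid)] = name
    return gid_to_name


def ou_for_user(user, gid_to_name):
    """Target OU DN for a user via its primary group, or None if unmapped."""
    ou = GROUP_TO_OU.get(gid_to_name.get(user.gid))
    return None if ou is None else f"{ou},{BASE_DN}"


def user_to_ldif(user, ou_dn):
    """LDIF for one user: an add record (account disabled) then an enable record.

    AD will not create an enabled account without a password, so the real
    provisioning step sets unicodePwd over LDAPS between these two records.
    The CN is the login name rather than the GECOS field, so no DN escaping is needed.
    """
    dn = f"CN={user.name},{ou_dn}"
    add = [
        f"dn: {dn}",
        "changetype: add",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: user",
        f"cn: {user.name}",
        f"sAMAccountName: {user.name}",
        f"userPrincipalName: {user.name}@{UPN_SUFFIX}",
        f"displayName: {user.gecos}",
        f"uidNumber: {user.uid}",            # RFC 2307 attributes keep the Unix
        f"gidNumber: {user.gid}",            # identity alongside the AD one
        f"unixHomeDirectory: {user.home}",
        f"loginShell: {user.shell}",
        f"userAccountControl: {UAC_NORMAL_ACCOUNT | UAC_ACCOUNTDISABLE}",
        "",
    ]
    enable = [
        f"dn: {dn}",
        "changetype: modify",
        "replace: userAccountControl",
        f"userAccountControl: {UAC_NORMAL_ACCOUNT}",
        "-",
        "",
    ]
    return "\n".join(add + enable)


def build_ldif(passwd_text, group_text):
    """Return (ldif, skipped); skipped names users whose primary group has no OU."""
    gid_to_name = parse_groups(group_text)
    records, skipped = [], []
    for user in parse_passwd(passwd_text):
        ou_dn = ou_for_user(user, gid_to_name)
        if ou_dn is None:
            skipped.append(user.name)
            continue
        records.append(user_to_ldif(user, ou_dn))
    return "\n".join(records), skipped


if __name__ == "__main__":
    ldif_text, skipped_users = build_ldif(PASSWD_LINES, GROUP_LINES)
    print(ldif_text)
    print("# skipped (no OU for primary group):", ", ".join(skipped_users))
```

The output can be fed to ldifde or ldapmodify against a test domain controller; the skipped list is the thing to check first, because a user with no mapped group would otherwise have no OU to land in. The add-then-enable split mirrors a real AD constraint, and it is also why the password could not simply be copied from the existing systems: stored Unix and NT password hashes are one-way and use different algorithms (the point made on the Problems slide), so the password has to come from Ugla at creation time and be set over LDAPS between the two records, a step deliberately left out of this example.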

What Next:
  • The CS lab (small) and the Helpdesk will be joined to the CS domain.
  • Observe the outcome, then slowly join all the labs and beyond.
  • Continue the NT domain as a backup.
  • Encourage others (staff) to join the CS domain.

User Effects
  1. There will be no effect on the users.
  2. The login process is exactly the same.
  3. Users might have to select the domain for a while.

Our Endeavour:

[Diagram: the CS domain at the centre, with replication to departments that approach or wish to join.]
Conclusion:

  • Vital tool: communication.
  • Achieved several milestones.
  • Tremendous team work made this happen.
  • Many lessons learned during the course of this project.

Long-term goal
  • Encourage every user to use the CS domain.
  • Reduce the number of systems and make Ugla the focal point for the entire system.
  • Many more.

[Diagram: ultimate goal: UNIX, LDAP and the Directory (CS).]

Questions?
Panel Invitations
Thank you
Comments, suggestions and feedback -