Integration with Active Directory, Ugla and Unix

University of Iceland
Reiknistofnun Háskóla Íslands

Presented by:
  Anil Thapa
  Siggi Som
  Ragnar Stefan
  Haraldur Steingro
  Elias Halldor

RHI: Anil Thapa, Jan, 2007
Main Topics
  • Current Issue
  • Windows NT (Brief)
  • User creation method (existing / mainly how)
  • Context Diagram of User Creation Method
  • Testing outcomes, problems and difficulties
  • New Approach & Context Diagram
  • New Strategy selection
  • Users structure in AD and UNIX
  • User effects
  • Ugla - LDAP changes and structure (Ragnar)
  • Changes in UNIX (Magnus/Elias)
  • New domain structure and future attachments
  • Questions - Answers ?

Current Issues

  • Two user accounts per user (staff): regular user and administrator
    (administrators = total users, e.g. for installing s/w, changing settings etc.;
    say 10,000 users = 10,000 admins, which is not good)
  • All log on locally (network drives are mapped with local logon scripts)
  • Computers are not joined into the domain
  • Only computer labs are joined in the domain RHI (NT)
  • Policies applied locally (user/computer)
  • Difficulties in patch management and s/w deployment
  • Lacking in central management
  • Unmanageable due to user demands of new requirements, e.g. constant updates /
    advanced s/w (AutoCAD)
  • Many scripts to run in individual systems (e.g. unix etc.)

Windows NT (Brief)

  • Fully functional (no problem in existing infrastructure)
  • Works only as an interface for domain users
  • Has a PDC / BDC infrastructure
  • Approximately 16000 users in same container
  • Old system (M/S NOS generation)
  • New features not supported, e.g. patch management, GPOs
  • Microsoft has discontinued releasing updates

Users Creation

How are users created in the Windows domain?

  • Ugla has been used to create users in the NT domain and generate passwords;
    hence users are not directly created in the NT domain
  • User modification has also been dealt with via Ugla

Concern:
  • Too many scripts to run
  • Slower process
  • Creation takes time due to many systems
  • User has to wait for some time

[Context diagram of the user creation method: Process A: Ugla -> Process B: user
details in txt files -> Process C: scripts -> Process D: LDAP, UNIX, NT (RHI).
Symbols: Operating Systems, Data Replicator, Processes]

New Approach:

  • Use Ugla to add users to the LDAP server
  • The LDAP server then distributes (synchronizes) to the other systems
  • Set up Fedora Directory Server with the proposed configuration
  • Implement Active Directory
  • Migrate users + passwords from UNIX and synchronize with FDS
  • Discontinue RHI domain (NT), start using CS domain

Benefits:
  • Saving time for (s/w) engineers
  • Ease in s/w deployment, patch management and policy implementations
  • Central administration

[Context diagram of the new approach: Process A: Ugla -> Process B: LDAP ->
Process C/D: UNIX, Samba, Active Directory, Other Systems.
Symbols: Operating Systems, Data Replicator, Processes]

Problems and Difficulties:

CAT - 1
  • Finding the root cause in creating users (at least in my team)
  • Lacking in understanding of the current user creation method

CAT - 2
  • Passwords did not synchronize with LDAP and Active Directory (existing users),
    i.e. the systems use different algorithms
  • Many alternative methods used to make the new approach work
  • After numerous tests, concluded with a different route

Q: Why did it take so long?
  Well !! Many reasons (unique method trying to implement)

[Context diagram, same as the new approach: Ugla -> LDAP -> UNIX, Samba,
Active Directory, Other Systems. Symbols: Operating Systems, Data Replicator, Processes]

New Strategy selection

Three techniques discussed:
  1. Capturing passwords from Ugla and appending them to Active Directory
  2. Manual password change (tedious work)
  3. Write a program (for Ugla) that can create users in Active Directory
     (migrate existing users + passwords from NT to AD)

Successful Results
  • Adopted solution number 3 - perfectly fitted into the systems

[Diagram: Ugla -> UNIX, LDAP, Active Directory (CS), NT (RHI)]

Users structure in Active Directory
  • Made similar to Unix
  • All groups in UNIX are OUs in Active Directory (Magnus's final list of
    total groups & OUs)
  • Users are created directly in the relevant OU (AD)
  • Users are activated as soon as they are created in the OU
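The mapping this slide describes, one AD OU per Unix group with each user created directly in the OU of its primary group, as an added example that is not code from the presentation or from Ugla. It assumes the CS domain DN is derived from the cs.ad.rhi.hi.is name on the slides, uses standard AD attribute names (organizationalUnit, user, sAMAccountName, displayName), and works from constructed passwd/group sample lines.

```python
# Added example, not code from the RHI slides: derive the CS domain's OU layout
# from Unix groups as the slides describe (one OU per Unix group, each user
# created directly in the OU of its primary group) and emit it as LDIF. Sample
# passwd/group lines are constructed; the domain cs.ad.rhi.hi.is is from the
# slides. Passwords are left out: Unix and NT keep different one-way hashes.
BASE_DN = "DC=cs,DC=ad,DC=rhi,DC=hi,DC=is"

PASSWD = """\
anilth:x:1001:200:Anil Thapa:/home/anilth:/bin/bash
ragnar:x:1002:300:Ragnar Stefan:/home/ragnar:/bin/tcsh
"""
GROUP = """\
staff:x:200:
students:x:300:
"""

def parse_passwd(text):
    """Return {login: (uid, primary gid, gecos)} from passwd-format lines."""
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            login, _pw, uid, gid, gecos, _home, _shell = line.split(":", 6)
            users[login] = (int(uid), int(gid), gecos)
    return users

def parse_group(text):
    """Return {gid: group name} from group-format lines."""
    groups = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, gid, _members = line.split(":", 3)
            groups[int(gid)] = name
    return groups

def ou_dn(group_name):
    return f"OU={group_name},{BASE_DN}"

def user_dn(login, group_name):
    return f"CN={login},{ou_dn(group_name)}"

def build_ldif(passwd_text, group_text):
    """One organizationalUnit per Unix group, then each user inside its OU."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    entries = [f"dn: {ou_dn(g)}\nobjectClass: organizationalUnit\nou: {g}\n"
               for _, g in sorted(groups.items())]
    for login, (_uid, gid, gecos) in sorted(users.items()):
        if gid not in groups:  # refuse rather than put the user in some default OU
            raise ValueError(f"{login}: primary gid {gid} has no Unix group")
        entries.append(f"dn: {user_dn(login, groups[gid])}\nobjectClass: user\n"
                       f"sAMAccountName: {login}\ndisplayName: {gecos}\n")
    return "\n".join(entries)
```

The OU entries are emitted before the user entries so the LDIF can be loaded top to bottom; a user whose primary group has no Unix group entry is rejected instead of being placed in a catch-all container.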

          What Next :
          • CS lab (small) and Helpdesk will be joined into CS domain
          • Observe the outcome – slowly join all the labs and beyond
          • Continue NT domain for backup
          • Encourage others (staff) to join CS domain

        User Effects
          1. There will be no effect to the users.
          2. Login process is exactly the same.
          3. User might have to do domain selection for a while.



Our Endeavour:

[Diagram, current structure: AD domain with replication between Embla.ad.rhi.hi.is
and Askur.ad.rhi.hi.is; CS domain with replication between Huginn.cs.ad.rhi.hi.is
and Muininn.ad.cs.rhi.hi.is]

Departments approach or wish to join:

[Diagram, future structure: the same AD and CS domains plus a TG domain
(TG.cs.ad.rhi.hi.is) for a department that wishes to join]

Conclusion:

  • Vital tool - communication
  • Achieved several milestones
  • Tremendous team work for this to happen
  • Many lessons learned during the time of this project

Long-term goal
  • Encourage every user to use the CS domain
  • Reduce the number of systems and make Ugla a focal point for the entire systems
  • Many more

[Diagram, ultimate goal: Ugla -> UNIX, LDAP, Active Directory (CS)]

Questions ?
Panel Invitations

Thank you
Comments, suggestions and feedback - anilth@hi.is