Windows 2000

Presented to CCC

by

Pat Schneider

May 23, 2001

Windows 2000

• History of the project

• Current status

• Future steps/phases

Windows 2000

• Brief History of the Windows 2000 Project– Received Beta 1 release in October 1997

Windows 2000

• Brief History of the Windows 2000 Project– Received Beta 1 release in October 1997– Project kickoff in April 1999• Participating Units – College of Engineering, ASU

West, ASU East, Information Technology

Windows 2000

• Brief History of the Windows 2000 Project– Expansion of the project• Other units joined the project

• Created various subcommittees– AD Model, Kerberos, Migration, Service Level

Agreement, Student Domain, Dfs, Group Policy, Documentation, Exchange 2000, QA Environment

Windows 2000

• Development of the test models– Several variations of forest/domain

infrastructures

Windows 2000

• Review by a Microsoft Consultant (August 2000)– http://www.asu.edu/it/w2k/documents.html

Windows 2000

• Final production model defined (September 2000)

Windows 2000

ECAPDC, RID

Infrastructure

OldMainGC

BACGC

ECAPDC, RID

Infrastructure

OldMainGC

BACGC

ECAPDC, RID

Infrastructure

OldMainGC

BACGC

Infrastructure

PDC,RIDGC

Infrastructure

PDC,RIDGC

AD.ASU.EDU(ASUAD)

(ASURITE)ASURITE.AD.ASU.EDU

(ASUSTUDENT)STUDENT.AD.ASU.EDU

WEST.AD.ASU.EDU

EAST.AD.ASU.EDU

Additional domainsOnly if necessaryxxx.AD.ASU.EDU

TransitionalDomains

xxx.AD.ASU.EDU

Site = MAIN

Site = WEST

Site = EASTArizona State University Active Directory Forest

Forest root domain name = AD.ASU.EDU

PMS 4/10/01

ASU Windows 2000 Domain Structure (4/10/2001)

Windows 2000

• Implemented empty root domain in production (September 2000)– AD.ASU.EDU– Provides a secured environment for schema

management

Windows 2000

• Implemented the ASURITE domain (October 2000)– ASURITE.AD.ASU.EDDU– Upgraded existing Windows NT 4.0 ASURITE

domain to Windows 2000

Windows 2000

• Created a Development Environment– TAD– TASURITE– TASUSTUDENT

Windows 2000

• Development of the Service Level Agreement (April 2001)– Outlined four options that a unit can choose

from for its environment• Responsibilities vary depending on the option

selected

– http://www.asu.edu/it/w2k/documents.html

Windows 2000

• Option 1 – Resource management via Organization Unit(s) in the ASURITE.AD.ASU.EDU or STUDENT.AD.ASU.EDU Domains– Units that do not have a Windows NT 4.0

domain and are using peer-to-peer networks; add only workstations to the domain

Windows 2000

• Option 2 – Member Server(s) in the ASURITE.AD.ASU.EDU or STUDENT.AD.ASU.EDU Domains– Units who currently have Windows NT 4.0

domains and will take advantage of centralized account creation/administration by bringing member servers into the ASURITE and/or STUDENT domain.

Windows 2000

• Option 3 – Separate Domain (child/peer) – Campus/College/VP Level Units Only– Units who currently have a Windows NT 4.0

domain and have a technical reason to maintain a separate domain.

Windows 2000

• Option 4 – Separate Forest– Units who do not want to participate in the

overall University Windows 2000 infrastructure

Windows 2000

• Current Project Status– AD.ASU.EDU forest created • Empty root

• Three domain controllers to support the forest– A-Wing, DataComm Room, BAC

Windows 2000

• Current Project Status– ASURITE.AD.ASU.EDU domain created • Upgrade of Windows NT 4.0 domain

• Three domain controllers to support the forest– A-Wing, DataComm Room, BAC

• Authentication domain

• Member servers will join this domain

Windows 2000

• Current Project Status– ASU West joined the production forest (May

2001)• Child domain

Windows 2000

• Subcommittee progress– AD Model• Working on defining OU structure for the ASURITE

domain

– Student Domain• Working on defining the needs/requirements for a

student domain

– Kerberos• Working on testing the integration of V5 Kerberos

with Windows 2000

Windows 2000

• Subcommittee progress– Group Policy• Defining how to apply group policy within the

individual OU’s

– Dfs• Testing out Dfs functionality

– QA Environment• Creating online request system• Re-defining the environment

Windows 2000

• Subcommittee progress– Migration Subcommittee• Evaluating 3rd party software to use for migrating

from Windows NT 4.0

• Documenting individual department environments

• Documenting various migration scenarios for department reference

– Exchange 2000• Testing out migrating from Windows NT 4.0 and

Exchange 5.5 to Windows 2000 and Exchange 2000

Windows 2000

• Other work in process– Evaluating performance and event log

monitoring software– Purchased Directory Analyzer to maintain the

integrity of the Active Directory

Windows 2000

• Future Steps/Phases– Implementing the AD model (June/July)• Establish the OU structure and delegate

permissions to the Unit Administrators

– Implementing the AP process (June/July)• Self-sub new users and put them in the Active

Directory, in appropriate departmental groups

Windows 2000

• Future Steps/Phases– Student Domain (Fall 2001)• Implement OU structure

• Implement AP process

– QA Environment (June – Sept.)• Re-build the environment (June/July)

• Implement requesting/tracking system (Sept.)

Windows 2000

• Future Steps/Phases– Documentation (June)• Complete all documentation defined in the SLA and

have it posted on the new Windows 2000 web page

• http://www.asu.edu/it/w2k/documents.html

– Exchange 2000• Upgrade current servers to Windows 2000 (Fall

2001)

• Upgrade current servers to Exchange 2000 (Fall 2001)

Windows 2000

• Future Steps/Phases– Kerberos implementation (?)• Integrate the ASUSTUDENT domain with Kerberos

authentication.

Windows 2000

• Future Steps/Phases– Enterprise application support– Overall Windows 2000 security– Windows XP

Windows 2000

• Questions & Comments