Skip to content

Active Directory (AD) consolidation

About

Multiple Active Directory (AD) domains exist across the University of Utah. This project will focus on consolidating these AD domains into a single, central AD (ad.utah.edu).

Why

Microsoft has made the recommendation for the University of Utah to consolidate AD domains. This configuration will provide a more secure and reliable AD service. University leadership, with the support of the Strategic Information Technology Committee (SITC), has agreed to implement the recommendation.

Scope

The current scope is for all trusted and child domains, except for exemptions approved by Information Security Office (ISO). This project will include consolidating those domains into the ad.utah.edu domain as an “OU” (organizational unit) container. This means that all directory objects (e.g., users, computers, groups, and permissions) in the trusted or child domain will be incorporated and fall under the central directory in a hierarchical fashion, rather than being connected and operating side-by-side.

Get started

The AD technical team will hold a planning meeting with administrators for each trusted or child domain that is to be migrated into the central directory. The teams will carefully strategize and document details of the migration to ensure that users are able to function normally on a daily basis. Wherever possible, the project team will develop scripts to automate the process and mitigate potential errors.

Training

FAQ

The university's Chief Information Security Officer will give final approval for exemptions. You may start the approval process by contacting IAM Associate Director Dave Packham at dave.packham@utah.edu.

Submit a service request, and designate the assignment group as UIT – ISO IAM (Identity and Access Mgmt).

Resources

Knowledge Base articles:

Last Updated: 10/11/24