Active Directory (AD) consolidation
About
Multiple Active Directory (AD) domains exist across the University of Utah. This project will focus on consolidating these AD domains into a single, central AD (ad.utah.edu).
Why
Microsoft has made the recommendation for the University of Utah to consolidate AD domains. This configuration will provide a more secure and reliable AD service. University leadership, with the support of the Strategic Information Technology Committee (SITC), has agreed to implement the recommendation.
Scope
The current scope is for all trusted and child domains, except for exemptions approved by Information Security Office (ISO). This project will include consolidating those domains into the ad.utah.edu domain as an “OU” (organizational unit) container. This means that all directory objects (e.g., users, computers, groups, and permissions) in the trusted or child domain will be incorporated and fall under the central directory in a hierarchical fashion, rather than being connected and operating side-by-side.
Get started
The AD technical team will hold a planning meeting with administrators for each trusted or child domain that is to be migrated into the central directory. The teams will carefully strategize and document details of the migration to ensure that users are able to function normally on a daily basis. Wherever possible, the project team will develop scripts to automate the process and mitigate potential errors.
Training
- Review the UIT Knowledge Base article Active Directory (AD) naming conventions and org prefixes
FAQ
The university's Chief Information Security Officer will give final approval for exemptions. You may start the approval process by contacting IAM Associate Director Dave Packham at dave.packham@utah.edu.
Submit a service request, and designate the assignment group as UIT – ISO – IAM (Identity and Access Mgmt).
Resources
Knowledge Base articles: