Active Directory (AD) consolidation
Multiple Active Directory (AD) domains exist across the University of Utah. This project will focus on consolidating these AD domains into a single, central AD (ad.utah.edu).
Microsoft has recommended that the University of Utah consolidate its AD domains. This configuration will provide a more secure and reliable AD service. University leadership, with the support of the Strategic Information Technology Committee (SITC), has agreed to implement the recommendation.
The current scope covers all trusted and child domains, except for exemptions approved by the Information Security Office (ISO). This project will consolidate those domains into the ad.utah.edu domain as an “OU” (organizational unit) container. This means that all directory objects (e.g., users, computers, groups, and permissions) in the trusted or child domain will be incorporated into, and fall under, the central directory in a hierarchical fashion, rather than being connected and operating side-by-side.
The AD technical team will hold a planning meeting with administrators for each trusted or child domain that is to be migrated into the central directory. The teams will carefully strategize and document details of the migration to ensure that users are able to function normally on a daily basis. Wherever possible, the project team will develop scripts to automate the process and mitigate potential errors.
- Review the UIT Knowledge Base article Active Directory (AD) naming conventions and org prefixes
The university's Chief Information Security Officer will give final approval for exemptions. You may start the approval process by contacting Enterprise Security Associate Director Jake Johansen at firstname.lastname@example.org.
Submit a service request, and designate the assignment group as UIT – ISO – IAM (Identity and Access Mgmt).
Knowledge Base articles: