9.4.1_TTU-Specific Technical - Intro to TTU Domain

9.4.1_TTU-Specific Technical - Intro to TTU Domain
Module Title:
Course Number:
Intro to TTU Domain
<Describe the module in 1-3 sentences>
45 Minutes
<Location, Technology, Office Supplies, Trainers, etc.>
<List any attached files or documents>
<What is this module aimed at achieving?>
<Describe any methods of assessment that will be employed in the module (i.e.
written quiz, test calls, verbal review, etc.>
i. For this topic we are going to discuss the Texas Tech domain and its uses. We
will also discuss domain access and queries.
Definition of Domain
a. Domain Name
i. A domain name provides a recognizable name to addressed Internet/intranet
resources. For example: google.com.
b. Windows Server Domain
i. Is a logical group of computers, users and groups of users that share a directory
database. This is the definition we will use for this topic. The central database
is called Active Directory. The directory database is held on computers that are
configured as “domain controllers.” These domain controllers manage security,
administration and interactions.
Advantages of a Domain
a. Managing Computers
i. Permissions can be easily set for each computer. Active Directory also allows
remote management and provides a mechanism by which other services can
provide software distribution.
b. Managing Users
i. Permissions are changed from a central location. With the 1000s of options
available, you can change the user’s ability to do something (for example:
installing a printer) on any computer on the domain.
c. Managing Groups
i. Users can be collected into groups. One example of a group is the Help Desk SA
group. From Active Directory, the permission can be granted to a group instead
of the individual users. This cuts down the cost and time required when adding
permissions to resources and computers.
Discussion of LDAP
a. Definition of LDAP
i. Lightweight Directory Access Protocol
b. Different Versions of LDAP
i. Apache Directory Server
ii. Apple Open Directory
iii. Novell eDirectory
iv. OpenLDAP
v. Microsoft Active Directory
9.4.1_TTU-Specific Technical - Intro to TTU Domain
c. Texas Tech’s Implementation of LDAP
i. Active Directory
ii. Created by Microsoft
Use of Active Directory
a. Requirements
i. Adminpak.msi needs to be installed (can be downloaded from the Microsoft
ii. Computer has to be added to the domain
iii. Must be connected to the network
iv. Windows XP Professional, Windows Vista Business and up
b. Several Different Types of Active Directory Management
i. Active Directory Users and Computers
1. This is the one you will use to query.
ii. Active Directory Sites and Services
iii. Active Directory Domains and Trusts
c. Different Locations of Active Directory
i. Start -> All Programs -> Administrative Tools
ii. Start -> Settings -> Control Panel -> Administrative Tools
iii. A shortcut can be created in any folder
d. Pitfalls to Avoid When Searching AD
i. Jhershen example (screenshots in folder)
Alternative to Active Directory
a. Command Line
i. Start -> Run -> “cmd”
ii. Type “net user ERAIDER /domain” where ERAIDER = the customer’s eRaider
Domain Services
a. Techmail
i. OWA
ii. POP3
iii. IMAP
iv. SMTP
v. Activesync for Exchange
b. Wireless
c. Computer Labs
d. VPN
e. File Share
f. FTP
g. Communicator
h. Software Download on eRAMS (eRaider Account Management System)
i. Others
i. Any service that authenticates against the domain, (VNC, and various webapps
can be setup with this authentication)
Items not affected by the domain
a. eRAMS (eRaider Account Management System)
i. Important to note because even if the customer is locked out, the customer can
still check their password by attempting to login to eRaider
ii. This goes along with any webapp that requires the eRaider shim.
9.4.1_TTU-Specific Technical - Intro to TTU Domain
b. Raiderlink
c. Mainframe
d. WebCT/Blackboard
a. Lockout Time: 15 minutes
i. Six bad passwords within 15 minutes will cause a lockout for 15 minutes
b. Getting Unlocked
i. Accounts unlock automatically after 15 minutes. Often, on most domains, any
Domain Administrator can physically unlock an account but this is not a policy
set for Texas Tech. All users have to wait the required time.
c. Cause of Lockout: 6 incorrect passwords on a Domain Service
i. Six incorrect passwords on a Domain Service will cause a lockout.
d. Lookup of Lockout
i. Kbase Keyword: Search Active Directory to See if an Account is Locked
Chronic Lockouts
i. There may be cases where the user is getting locked out repeatedly. Make sure
to tell them to restart any device or computer that is either on the domain or
using a service from the domain.
ii. Common applications that causes chronic lockout are Microsoft Outlook,
PDAs/Smart Phones setup with Exchange/Email and Wireless authentication.
Permission Management
a. Organizational Units
i. Is used to create a hierarchy of containers in a domain.
ii. Is used to differentiate between objects with the same name.
iii. Manage objects collectively.
iv. Can have nested OUs, as one OU contains another OU.
v. The Texas Tech OU structure is done by department.
b. Group Policy
i. Group Policies are rules, permissions and policies set to manage computer
ii. Group Policies can be applied to the whole domain or can be applied to an OU.
1. The most common domain level Group Policy is the password policy.
c. Functional Mailboxes
i. A functional mailbox is one of the options given to organizations so that they
can receive email on one account (For example: admissions@ttu.edu).
Permissions can be set for a group to have access to this functional mailbox.
a. Definition of NSC
i. Network Site Coordinator
ii. Every department requires one NSC
b. Definition of NSS
i. Network Site Specialist
ii. Optional
iii. Can have many
iv. Assistant to the NSC
c. NSCs are given specific access to their department
i. The OU is configured so that the departmental NSC has full administrative
access to all objects in that OU.
9.4.1_TTU-Specific Technical - Intro to TTU Domain
d. Contact List
i. Found in the k-base with keyword: “NSC/NSS Contact List”
e. Never refer a customer to their NSC/NSS
i. It is our responsibility to relay specific information to their NSC/NSS and ask
f. IT Help Central
i. Is designated as NSS for many departments which allows us to help them
manage their groups and computers in AD. However, the ultimate authority for
that department’s resources lies with its NSC, so we check with them first
before making changes.
ii. IT Help Central is the NSC for the residence halls. Never refer a student to their
NSC. First, they don’t know what that means and second, we’re their NSC!
g. Appointing or replacing an NSC
i. Kbase keyword: “Appoint a Network Site Coordinator (NSC)”
h. Appointing or replacing an NSS
i. Kbase keyword: “Appoint a Network Site Specialist(NSS)”
i. Refer NSCs or NSSs Directly to NOC
i. Kbase keyword: “Refer NSCs or NSSs Directly to NOC”
How eRaider affects the TTU Domain
a. eRaider User Accounts and Domain User Accounts are separate
i. even though to our customers they are the same account
b. Accounts do not show up in AD until they have been activated in eRaider
i. You might be able to find an account with an eRaider username but not be able
to find it in AD. That would indicate it hasn’t been activated yet.