9.4.1_TTU-Specific Technical - Intro to TTU Domain

Module Title: Intro to TTU Domain
Course Number: 9.4.1
Synopsis: <Describe the module in 1-3 sentences>
Time: 45 Minutes
Resources: <Location, Technology, Office Supplies, Trainers, etc.>
Attachments: <List any attached files or documents>
Objectives: <What is this module aimed at achieving?>
Assessment: <Describe any methods of assessment that will be employed in the module (i.e. written quiz, test calls, verbal review, etc.)>

Content:

I. Introduction
   i. For this topic we are going to discuss the Texas Tech domain and its uses. We will also discuss domain access and queries.

II. Definition of Domain
   a. Domain Name
      i. A domain name provides a recognizable name for addressed Internet/intranet resources. For example: google.com.
   b. Windows Server Domain
      i. A Windows Server domain is a logical group of computers, users and groups of users that share a directory database. This is the definition we will use for this topic. The central database is called Active Directory. The directory database is held on computers that are configured as “domain controllers.” These domain controllers manage security, administration and interactions.

III. Advantages of a Domain
   a. Managing Computers
      i. Permissions can be easily set for each computer. Active Directory also allows remote management and provides a mechanism by which other services can provide software distribution.
   b. Managing Users
      i. Permissions are changed from a central location. With the thousands of options available, you can change the user’s ability to do something (for example: installing a printer) on any computer on the domain.
   c. Managing Groups
      i. Users can be collected into groups. One example of a group is the Help Desk SA group. From Active Directory, a permission can be granted to a group instead of to the individual users. This cuts down the cost and time required when adding permissions to resources and computers.

IV. Discussion of LDAP
   a. Definition of LDAP
      i. Lightweight Directory Access Protocol
   b. Different Versions of LDAP
      i. Apache Directory Server
      ii. Apple Open Directory
      iii. Novell eDirectory
      iv. OpenLDAP
      v. Microsoft Active Directory
   c. Texas Tech’s Implementation of LDAP
      i. Active Directory
      ii. Created by Microsoft

V. Use of Active Directory
   a. Requirements
      i. Adminpak.msi needs to be installed (can be downloaded from the Microsoft website)
      ii. Computer has to be added to the domain
      iii. Must be connected to the network
      iv. Windows XP Professional, Windows Vista Business and up
   b. Several Different Types of Active Directory Management
      i. Active Directory Users and Computers
         1. This is the one you will use to query.
      ii. Active Directory Sites and Services
      iii. Active Directory Domains and Trusts
   c. Different Locations of Active Directory
      i. Start -> All Programs -> Administrative Tools
      ii. Start -> Settings -> Control Panel -> Administrative Tools
      iii. A shortcut can be created in any folder
   d. Pitfalls to Avoid When Searching AD
      i. Jhershen example (screenshots in folder)

VI. Alternative to Active Directory
   a. Command Line
      i. Start -> Run -> “cmd”
      ii. Type “net user ERAIDER /domain” where ERAIDER = the customer’s eRaider username

VII. Domain Services
   a. Techmail
      i. OWA
      ii. POP3
      iii. IMAP
      iv. SMTP
      v. ActiveSync for Exchange
   b. Wireless
   c. Computer Labs
   d. VPN
   e. File Share
   f. FTP
   g. Communicator
   h. Software Download on eRAMS (eRaider Account Management System)
   i. Others
      i. Any service that authenticates against the domain (VNC and various web apps can be set up with this authentication)

VIII. Items not affected by the domain
   a. eRAMS (eRaider Account Management System)
      i. Important to note because even if the customer is locked out, the customer can still check their password by attempting to log in to eRaider.
      ii. This goes along with any web app that requires the eRaider shim.
   b. Raiderlink
   c. Mainframe
   d. WebCT/Blackboard

IX. Lockout
   a. Lockout Time: 15 minutes
      i. Six bad passwords within 15 minutes will cause a lockout for 15 minutes.
   b. Getting Unlocked
      i. Accounts unlock automatically after 15 minutes. Often, on most domains, any Domain Administrator can manually unlock an account, but this is not a policy set for Texas Tech. All users have to wait the required time.
   c. Cause of Lockout: 6 incorrect passwords on a Domain Service
      i. Six incorrect passwords on a Domain Service will cause a lockout.
   d. Lookup of Lockout
      i. Kbase Keyword: Search Active Directory to See if an Account is Locked

X. Chronic Lockouts
   i. There may be cases where the user is getting locked out repeatedly. Make sure to tell them to restart any device or computer that is either on the domain or using a service from the domain.
   ii. Common applications that cause chronic lockouts are Microsoft Outlook, PDAs/smartphones set up with Exchange/email, and wireless authentication.

XI. Permission Management
   a. Organizational Units
      i. Used to create a hierarchy of containers in a domain.
      ii. Used to differentiate between objects with the same name.
      iii. Used to manage objects collectively.
      iv. OUs can be nested, with one OU containing another OU.
      v. The Texas Tech OU structure is done by department.
   b. Group Policy
      i. Group Policies are rules, permissions and policies set to manage computer resources.
      ii. Group Policies can be applied to the whole domain or can be applied to an OU.
         1. The most common domain-level Group Policy is the password policy.
   c. Functional Mailboxes
      i. A functional mailbox is one of the options given to organizations so that they can receive email on one account (for example: email@example.com). Permissions can be set for a group to have access to this functional mailbox.

XII. NSC and NSS
   a. Definition of NSC
      i. Network Site Coordinator
      ii. Every department requires one NSC
   b. Definition of NSS
      i. Network Site Specialist
      ii. Optional
      iii. Can have many
      iv. Assistant to the NSC
   c. NSCs are given specific access to their department
      i. The OU is configured so that the departmental NSC has full administrative access to all objects in that OU.
   d. Contact List
      i. Found in the k-base with keyword: “NSC/NSS Contact List”
   e. Never refer a customer to their NSC/NSS
      i. It is our responsibility to relay specific information to their NSC/NSS and ask
   f. IT Help Central
      i. IT Help Central is designated as NSS for many departments, which allows us to help them manage their groups and computers in AD. However, the ultimate authority for that department’s resources lies with its NSC, so we check with them first before making changes.
      ii. IT Help Central is the NSC for the residence halls. Never refer a student to their NSC. First, they don’t know what that means and second, we’re their NSC!
   g. Appointing or replacing an NSC
      i. Kbase keyword: “Appoint a Network Site Coordinator (NSC)”
   h. Appointing or replacing an NSS
      i. Kbase keyword: “Appoint a Network Site Specialist(NSS)”
   i. Refer NSCs or NSSs Directly to NOC
      i. Kbase keyword: “Refer NSCs or NSSs Directly to NOC”

XIII. How eRaider affects the TTU Domain
   a. eRaider User Accounts and Domain User Accounts are separate
      i. Even though to our customers they are the same account.
   b. Accounts do not show up in AD until they have been activated in eRaider
      i. You might be able to find an account with an eRaider username but not be able to find it in AD. That would indicate it hasn’t been activated yet.
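
Added example (not part of the original module): a small Python model of the rule in the Lockout section, showing why a device that keeps retrying an old password, as described under Chronic Lockouts, locks the account again shortly after every automatic unlock. It assumes attempts made during a lockout are rejected without being counted and that a correct password clears the bad-password count; the class and function names are illustrative.

```python
from collections import deque

THRESHOLD = 6      # bad passwords that trigger a lockout (from the module)
WINDOW_MIN = 15    # bad passwords are counted within this many minutes (from the module)
LOCKOUT_MIN = 15   # lockout length; it clears automatically (from the module)


class Account:
    """Model of the stated policy. Times are minutes since the start."""

    def __init__(self):
        self.bad = deque()        # times of recent bad passwords
        self.locked_until = None
        self.lockouts = []        # times at which each lockout started

    def is_locked(self, now):
        return self.locked_until is not None and now < self.locked_until

    def attempt(self, now, password_ok):
        if self.is_locked(now):
            return "locked"       # assumption: rejected and not counted
        if password_ok:
            self.bad.clear()      # assumption: success clears the count
            return "ok"
        # Forget bad passwords that have aged out of the 15-minute window.
        while self.bad and now - self.bad[0] >= WINDOW_MIN:
            self.bad.popleft()
        self.bad.append(now)
        if len(self.bad) >= THRESHOLD:
            self.locked_until = now + LOCKOUT_MIN
            self.lockouts.append(now)
            self.bad.clear()
            return "lockout"
        return "bad"


def simulate_stale_device(retry_every_min, total_min):
    """A mail client, phone or Wi-Fi profile keeps sending an old password."""
    acct = Account()
    for t in range(0, total_min, retry_every_min):
        acct.attempt(t, password_ok=False)
    return acct


def user_login(retry_every_min, login_at):
    """The customer types the correct password while the stale device is active."""
    acct = simulate_stale_device(retry_every_min, login_at)
    return acct.attempt(login_at, password_ok=True)


if __name__ == "__main__":
    print(simulate_stale_device(2, 120).lockouts)   # device retrying every 2 minutes
    print(user_login(2, 15), user_login(2, 25))
```

With a retry every 2 minutes the model relocks the account about a minute after each unlock, which is why the module has the customer restart every device that uses a domain service rather than just wait out the 15 minutes.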