Microsoft Active Directory @ UCA

In September 2016, IST began implementing Active Directory on UCA computers. This page lists common questions about this project.

What is Active Directory?

Active Directory (or AD) is an enterprise directory service. AD manages computers, users, printers, and other technology resources within an organization using logical, hierarchical groups, which makes it easy to arrange, store, and secure technical information. UCA’s AD domain is campus.uca.edu.

Why is UCA implementing AD?

The current networking environment at UCA is built upon an aging enterprise technology called Novell eDirectory. While Novell eDirectory has a history of networking success in smaller institutions, UCA has outgrown its limited capabilities, and Novell eDirectory is no longer sufficient to support the information technology advances and overall direction of the University.

What work has been done so far?

IST has already completed work to develop, build, and test the necessary infrastructure for AD on the UCA campus. All the major components of the campus AD infrastructure, including DHCP, DNS, SCCM, KMS, and the necessary domain controllers, have been successfully built. In addition, IST has implemented several pieces of technology, including NetIQ and JAMF Casper, to help migrate users and their data and to make the process as painless as possible for everyone.

IST has already successfully migrated over 80 of its own users and computers to Active Directory. Testing is currently underway to identify any potential problems with the goal of resolving those before a rollout to the other parts of campus.

As of January 13, 2017, over 700 university-owned computers have been migrated to Active Directory.

What are the advantages of implementing AD at UCA?

There are several reasons why AD is a better enterprise platform for UCA than Novell eDirectory:

  1. Security – Novell eDirectory does not support role-based access control (RBAC). This requires an inordinate amount of time and resources to manage and delegate access to internal and external resources. AD will allow security and access controls to be based on who you are, not where you are.
  2. Shifts in IT Trends – The current and most supported system for enterprise networking solutions is Active Directory. Simply put, Novell eDirectory is outdated, and technology companies develop new applications and upgrades that are incompatible with eDirectory. There has been a long-time market trend toward Microsoft services; it is more streamlined, efficient, and secure to manage, deploy, patch, and secure computers, devices, and accounts on a Microsoft network.
  3. Interoperability – Novell eDirectory requires a great deal of customization when trying to integrate and interoperate with other technologies. Active Directory is the leading and most supported method of user authentication and resource management on the market. Almost all technologies natively support and function well with Active Directory.
  4. Standardization – AD allows IST to better standardize our technology configurations across campus, which is an important goal for the entire campus to work efficiently.
  5. Virtual Desktop Infrastructure (VDI) – UCA’s options for desktop virtualization have been extremely limited in the past while using Novell eDirectory. Once Active Directory is in place and becomes the standard for all users on campus, IST can adopt VDI for a number of applications both on and off campus.

For these reasons and more, IST has decided that it is time for UCA to move to a more modern and secure network enterprise system. This project will enhance IST’s ability to provide the very best in enterprise class software and support. It will also allow IST to actively engage in projects that have been largely ignored or not possible until now.

Who will be migrated to AD?

All computer users and 99.9% of all computers on campus will be included in the AD migration. All faculty, staff, and student accounts currently on the Novell network will be migrated to the new Active Directory network.

How can I prepare for the migration?

The migration process is fairly painless. Almost all of the migration is automated and will require very little intervention on the end user’s part. However, as with any major IT change, there are always things that you can do to be more prepared.

  1. Check the AD Project Timeline page to see when your building is scheduled to be moved to AD. Plan on being present on that date during the migration process.
  2. Secure your data. Not only is this important prior to the migration, but it is an excellent best practice to use on a regular basis.
  3. Consider attending an AD training session or contacting IST if you have questions prior to your scheduled migration date.

For more information on the migration process, please visit our AD Workstation Migration page.

How does this change affect me?

In general, AD should not affect your everyday computer use while at UCA. Perhaps the most noticeable change is that the University will be moving to an information security model known as least privilege for all computer users at UCA. Essentially, this means that computer users will have only the minimum security privileges on their assigned UCA-owned computer that are needed to perform their jobs. However, for the vast majority (99% or more) of computer users on campus, this security change will not impede their daily job functions in any way. Additionally, the least privilege model takes the security privileges that pose the greatest information security risks and limits them to a very small group of people. Consequently, the University’s overall information risk profile is decreased dramatically.

By implementing this change, UCA can take advantage of AD’s best security features (that Novell eDirectory does not have), which helps protect data and resources belonging to UCA and the state of Arkansas. In addition, up-to-date security helps protect academic freedom, which is essential to the University, its vision, and its constituents.

What is the timeline for this project?

As of September 2016, IST has completed all the necessary infrastructure changes to move users and computers to AD. Additionally, all of the IST users and computers have been moved to the new environment. A detailed timeline for moving the rest of the University to AD is being fully developed; however, we have a preliminary timeline available for you to view now. Please keep in mind that this timeline is a draft and may be subject to change as the project moves forward.

Will my username and password change?

No. You will retain the same username and password.

Will I still be able to access my UCA network drives?

Yes. All faculty/staff network drives and shared pool drives will be migrated to the new Active Directory network. However, as this is a staged rollout and not all users will be migrated at the same time, there may be a short period of time where it may be necessary to log into the network twice to access some shared resources.

What should I do if I need software installed on my computer?

IST has invested in a unique product known as Avecto Defendpoint to manage privilege escalation issues for our users. Although users will not be “admins” on their computers, Avecto provides a means for employees to receive elevated privileges when they need to install new software on their computer or perform certain other tasks that require administrative rights. This program helps to ensure that employees’ workflows and productivity are not hampered, yet provides UCA with increased security on the workstations owned by UCA.

In addition to this ability, IST also maintains a large volume of vetted and whitelisted software for use by UCA employees. These software titles are available to all computers through our SCCM server. Once a computer has been migrated to Active Directory, employees will have the ability to browse and install any software available on the SCCM server.

Please note that Avecto Defendpoint is currently in final development stages and will be deployed to all computers managed by Active Directory in late January or early February.

Will there be training offered on AD?

While we do not expect a very steep learning curve, IST is offering orientations for users who are interested in learning more about AD and how it will affect daily computer use at UCA. This orientation will focus on logging into the new network, installing approved software via the self-service portal, and installing printers with the new PrinterLogic tool. To register for a session, or for more information, please visit the IST Training page; IST will add more orientation dates as needed.