The central AD service consists of four servers distributed between Chapel Street and our Disaster Recovery (DR) site. The service runs on Windows 2008 R2 Enterprise and is regularly backed up.
Two domain controllers are located at each site. The DNS, AD, and GC (Global Catalog) services are replicated between the domain controllers across both sites at regular intervals.
The AD service is synchronized nightly by an internally developed process that pulls data extracted from the central ERP system; users' passwords are also synchronized in near real time. The synchronized data includes items such as title, phone, department, and name. The AD structure consists of three main branches:
- People
- University
- OU_Admins
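The nightly attribute sync described above is a good place to apply least privilege: the process should only ever write the handful of attributes it owns (title, phone, department, name), and its service account should be delegated write access to those attributes and nothing else. The following PowerShell is an added example, not the university's internal sync tool; the ERP column names (`SamAccountName`, `Title`, `Phone`, `Department`, `GivenName`, `Surname`) and the sample record are assumptions, and password synchronization is deliberately out of scope here.

```powershell
# Added example (not the university's internal sync tool): apply one ERP
# extract row to the matching AD account, touching only the attributes the
# page says are synchronized. ERP column names are assumptions.
Import-Module ActiveDirectory

function Sync-ErpUserAttributes {
    param(
        [Parameter(Mandatory)] [pscustomobject] $Record,  # one ERP extract row
        [switch] $WhatIf                                   # preview without writing
    )

    # ERP column (assumed) -> AD attribute. Only this allow-list is ever written,
    # so the sync account needs write access to these attributes and nothing else.
    $map = [ordered]@{
        Title      = 'title'
        Phone      = 'telephoneNumber'
        Department = 'department'
        GivenName  = 'givenName'
        Surname    = 'sn'
    }

    try {
        $user = Get-ADUser -Identity $Record.SamAccountName -Properties @($map.Values) -ErrorAction Stop
    } catch {
        # The sync never creates accounts; an unmatched ERP row is logged and skipped.
        Write-Warning "No AD account for '$($Record.SamAccountName)'; skipping ($($_.Exception.Message))"
        return $null
    }

    $replace = @{}
    $clear   = @()
    foreach ($column in $map.Keys) {
        $attr = $map[$column]
        $new  = $Record.$column
        $old  = $user.$attr
        if ([string]::IsNullOrWhiteSpace($new)) {
            # ERP no longer has a value: clear the attribute rather than keep stale data.
            if ($old) { $clear += $attr }
        } elseif ($new -ne $old) {
            $replace[$attr] = $new
        }
    }

    if ($replace.Count -eq 0 -and $clear.Count -eq 0) {
        Write-Verbose "$($user.SamAccountName): already in sync"
        return @()
    }

    # Build the Set-ADUser call only with the parameters that have work to do;
    # -Replace and -Clear reject empty collections.
    $params = @{ Identity = $user.DistinguishedName; WhatIf = $WhatIf }
    if ($replace.Count) { $params.Replace = $replace }
    if ($clear.Count)   { $params.Clear   = $clear }
    Set-ADUser @params

    # Return the change set so a nightly run can log exactly what it wrote.
    return @($replace.Keys) + @($clear | ForEach-Object { "$_ (cleared)" })
}

# Constructed sample row, standing in for one record of the nightly ERP extract.
$sample = [pscustomobject]@{
    SamAccountName = 'jdoe'            # placeholder account name
    Title          = 'Senior Analyst'
    Phone          = '+1 555 0100'
    Department     = 'Library'
    GivenName      = 'Jane'
    Surname        = 'Doe'
}
Sync-ErpUserAttributes -Record $sample -WhatIf -Verbose
```

Run it with `-WhatIf` first against a few known accounts; the returned change set is what a production run would write, which makes the nightly log easy to diff against the ERP extract when an attribute unexpectedly changes.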
Under the People branch there are two secondary branches:
- Faculty and Staff
- Students
The University branch contains the managed Organizational Units (OUs) handled by technology personnel in the colleges and departments. A top-level OU is created under this branch for each requesting unit. The People branch is maintained by the Enterprise Administrators (EA), and access to it is restricted. OU Admins have complete control over their top-level managed OU and can create any objects there that their working environment requires. The OU_Admins OU is used to maintain a list of the personnel who manage OUs.
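The delegation model above rests on two things staying true: the branch layout exists as described, and nobody outside the EA team holds write rights on the People branch. The PowerShell below is an added example, not one of the university's own scripts: it declares the layout from this section, creates any OU that is missing (protected from accidental deletion), and then lists every Allow ACE on the People OU that grants a write-class right to a principal outside an approved list. The domain and the approved-principal names are assumptions.

```powershell
# Added example (not the university's own scripts): declare the OU layout the
# page describes, create any missing OU, then audit who can write to the
# People branch, which should be reachable only by the Enterprise Administrators.
# The domain and the approved-principal names are assumptions.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName

# Branch layout from the page: three top-level OUs, People split in two.
$layout = @(
    @{ Name = 'People';            Parent = $domainDN }
    @{ Name = 'Faculty and Staff'; Parent = "OU=People,$domainDN" }
    @{ Name = 'Students';          Parent = "OU=People,$domainDN" }
    @{ Name = 'University';        Parent = $domainDN }
    @{ Name = 'OU_Admins';         Parent = $domainDN }
)

function Ensure-OuLayout {
    param([Parameter(Mandatory)] [hashtable[]] $Layout)
    foreach ($ou in $Layout) {
        $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$($ou.Name)'" `
                        -SearchBase $ou.Parent -SearchScope OneLevel
        if (-not $existing) {
            # These OUs anchor delegation for the whole domain, so guard them against deletion.
            New-ADOrganizationalUnit -Name $ou.Name -Path $ou.Parent -ProtectedFromAccidentalDeletion $true
            Write-Verbose "created OU=$($ou.Name),$($ou.Parent)"
        }
    }
}

function Get-UnapprovedWriteAccess {
    <# Return every Allow ACE on $OuDN that grants a write-class right to a
       principal outside $Approved. Inherited ACEs are included because an
       entry inherited from the domain root still grants the right here.
       ExtendedRight is left out on purpose: it covers both harmless and
       sensitive rights and should be audited separately by ObjectType GUID. #>
    param(
        [Parameter(Mandatory)] [string]   $OuDN,
        [Parameter(Mandatory)] [string[]] $Approved
    )
    $writeRights = [System.DirectoryServices.ActiveDirectoryRights] `
        'GenericAll, GenericWrite, WriteDacl, WriteOwner, CreateChild, DeleteChild, WriteProperty, Delete, DeleteTree'
    $acl = Get-Acl -Path "AD:\$OuDN"
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band $writeRights) -ne 0) -and
        ($Approved -notcontains $_.IdentityReference.Value)
    } | Select-Object @{ n = 'Principal'; e = { $_.IdentityReference.Value } },
                      ActiveDirectoryRights, IsInherited, InheritanceType
}

Ensure-OuLayout -Layout $layout -Verbose

# Principals expected to hold write rights on People (assumed group names;
# Enterprise Admins lives in the forest root domain).
$netbios  = (Get-ADDomain).NetBIOSName
$approved = @(
    "$netbios\Enterprise Admins", "$netbios\Domain Admins",
    'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT AUTHORITY\SELF'
)
# Every row returned is a delegation the EA team did not intend and should be reviewed.
Get-UnapprovedWriteAccess -OuDN "OU=People,$domainDN" -Approved $approved | Format-Table -AutoSize
```

The same audit function can be pointed at each top-level OU under University with that unit's OU Admins group added to the approved list, which turns the "OU Admins have complete control over their own OU" statement into a check that can be scheduled rather than a convention that is assumed.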
The following diagram shows the structure of the central AD: