Punahou School
Solution Profile
Consulting agreement where CTA Engineering would consolidate the school’s two Windows domains into a single Windows 2000 Active Directory forest and domain.
The Problem
Punahou School was maintaining a Windows NT 4.0 domain for all faculty/administrators and separate Windows 2000 Active Directory implementation for all students. Their existing solution required administrators to maintain servers in both domains along with duplicate accounts for anyone who required access in both domains. The school had also made plans to implement a Unix based intranet application for managing student grades and a way for parents to monitor their child’s progress on-line. The Windows NT 4.0 domain would not provide LDAP compatibility or single sign on to the Unix box.
The Solution
CTA Engineering proposed creating a single Windows 2000 forest and domain. Within the domain, two Organizational Units (OU’s) would be created. One OU would maintain the faculty/administrative accounts, and the other would maintain all of the student accounts. The school wanted to limit the amount of downtime, so CTA Engineering recommended that all user accounts be exported from their respective domains to include the unique Security Identifiers (Sid’s). This way a user’s permissions would remain intact on all file shares as the user moved to the new domain. Security settings on the file structure were extremely important to ensure that students were unable to manipulate any of their grades.
Using the Active Directory Migration Tool (ADMT) from the Windows 2003 CD, all of the user accounts and the Sid history was migrated to the new domain. Once the user accounts were ported to the new domain, custom scripts were written to rename all user accounts with the new naming standard established by the school.Once the domain was built and all the user accounts were in place, the ADMT was used to join the school’s Windows desktops to the new domain. The utility allowed us to automatically join the existing computers into the new domain without having to physically visit each of the desktops. Once the desktops were migrated to the new domain each of the member servers were migrated as well using the same process. All of the data would remain intact on the same servers and because we were able to maintain the Sid history, the file permissions remained the same.
Solution Benefits
- CTA Engineering provides Microsoft Gold support to Punahou School
- Design an integrated Windows 2000 Active Directory Forest to manage the school’s 4,000 students and 600 faculty/administrators
- Centralized account database
- Single sign-on
- LDAP compatibility for the school’s new intranet site that resides on a SUN platform
- Centralized security model for managing permissions
- Standardized usernames
|
