Automated Computer Account Management in Active Directory. June 2nd, 2009. Bill Claycomb, Systems Analyst, Sandia National Laboratories. Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.


Page 1

Automated Computer Account Management in Active Directory

June 2nd, 2009

Bill Claycomb, Systems Analyst
Sandia National Laboratories

Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.

Page 2

Agenda

• Background
• Motivation
• Design and Implementation
• Performance
• Discussion
• Future Directions

Page 3

Active Directory

• Centralized data store containing information about objects
– Users
– Computers
– Contacts, etc.

• Provides information to applications
– Authentication and access control
– Contact information
– Group membership

• Uses the LDAP communication protocol
– Lightweight Directory Access Protocol

Page 4

Active Directory at SNL

• User account objects:
– 12651 user accounts
– 2023 service accounts

• Group objects:
– 14024 group objects

• Contact objects:
– 21543 contact objects

• Computer objects:
– 24989 computer objects

Page 5

The Problem

• The authoritative data source for computer account information is not Active Directory (AD)
– SQL database: Network Information System (NWIS)

• Policy requires any object in Active Directory to be in the authoritative data source
– The policy was not enforced

• Administrative duplication of effort
– Machine records manually entered into the database
– Computer accounts manually entered in AD
– Computer accounts manually managed in AD once populated

Page 6

Solution

• Automate computer account population and management in Active Directory

Page 7

Benefits

• Automated population and standardization of account data
– Ownership
– Support notes

• Reduced administrative overhead
– Eliminates the need for manual account creation

• Enables enforcement of the registration policy

• Accurate reflection of actual computer usage
– Large impact on billing calculations
– Removal of inactive accounts from AD

Page 8

Implementation - Platform

• Application developed using the .NET Framework
– Allows easy interoperability with Active Directory
– Simple interface with the SQL database as well
– The service integrates easily with the existing Windows platform

Page 9

Implementation - Provisioning Database

• Provisioning database (NWIS) record: UniqueID, Name, Owner, Management Info, OS, Machine roles, etc.

• AD computer object (populated from the record): UniqueID, Name, Owner Info, OU Location, Provisioning Tags

Page 10

Implementation - Management

• Authorized accounts (from the authoritative database) are compared against existing accounts (in AD), which yields three sets:
– New accounts: authorized, but not yet in AD
– Account changes: present in both, but the attributes differ
– Expired accounts: in AD, but no longer authorized

Page 11

Implementation Concerns

•How to handle machines no longer authorized to be in Active Directory?

•Handle workstations differently than servers?

•How to handle machine renames?•How to handle movement of computers between management unit OU’s?– Machine owner changes locations, and thus

changes management unit
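The management flow on page 10 (authorized vs. existing accounts, yielding new, changed and expired sets) and the concerns on page 11, as an added PowerShell example that is not the Sandia service (which was a .NET application): one reconciliation pass using the ActiveDirectory module. The OU names, the use of extensionAttribute1 and extensionAttribute2 as provisioning tags, the sample NWIS records and the 30-day grace period are all assumptions introduced here; the constructed $authorized array stands in for a query against the real database.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the Sandia service. Assumptions (placeholders, not from the
# presentation): the NWIS UniqueID is stamped into extensionAttribute1 when the
# account is created, extensionAttribute2 records when this service disabled an
# account, and the OU names and sample records below are made up.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase = 'OU=Managed Computers,DC=example,DC=com',
    [int]$GraceDays = 30   # disabled this long without reauthorization -> delete
)

# Constructed sample standing in for the authoritative query, e.g.
#   Invoke-Sqlcmd -ServerInstance 'nwis-db' -Database 'NWIS' -Query 'SELECT UniqueID, Name, Owner, Role, OU FROM AuthorizedComputers'
$authorized = @(
    [pscustomobject]@{ UniqueID = '100001'; Name = 'WS-ALICE';   Owner = 'alice';    Role = 'Workstation'
                       OU = 'OU=Dept100,OU=Managed Computers,DC=example,DC=com' }
    [pscustomobject]@{ UniqueID = '100002'; Name = 'SRV-FILE01'; Owner = 'svcadmin'; Role = 'Server'
                       OU = 'OU=Servers,OU=Managed Computers,DC=example,DC=com' }
)

# Index existing accounts by the immutable UniqueID, never by name: a renamed
# machine, or one moved between management-unit OUs, is then a change rather
# than a delete-and-recreate that would reset its SID, group memberships and trust.
$existing = @{}
Get-ADComputer -Filter * -SearchBase $SearchBase `
    -Properties extensionAttribute1, extensionAttribute2, Description, OperatingSystem |
  ForEach-Object {
    if ($_.extensionAttribute1) { $existing[$_.extensionAttribute1] = $_ }
    else { Write-Warning "Not in authoritative source (policy violation): $($_.DistinguishedName)" }
  }

foreach ($rec in $authorized) {
    $desc = "Owner=$($rec.Owner); Role=$($rec.Role); NWIS=$($rec.UniqueID)"
    $cur  = $existing[$rec.UniqueID]

    if (-not $cur) {                                   # --- New accounts
        if ($PSCmdlet.ShouldProcess($rec.Name, 'New-ADComputer')) {
            New-ADComputer -Name $rec.Name -Path $rec.OU -Description $desc `
                -OtherAttributes @{ extensionAttribute1 = $rec.UniqueID }
        }
        continue
    }
    $existing.Remove($rec.UniqueID)                    # whatever is left is the expired set

    # --- Account changes
    if ($cur.Name -ne $rec.Name) {
        # A machine rename is performed by the machine itself (the OS keeps its own
        # secure channel to the account); don't rename from the directory side, just
        # surface the mismatch so the authoritative record gets corrected.
        Write-Warning "UniqueID $($rec.UniqueID): AD name '$($cur.Name)' differs from NWIS name '$($rec.Name)'"
    }
    $parentDn = $cur.DistinguishedName.Substring($cur.DistinguishedName.IndexOf(',') + 1)
    if ($parentDn -ne $rec.OU -and $PSCmdlet.ShouldProcess($cur.Name, "Move to $($rec.OU)")) {
        Move-ADObject -Identity $cur.ObjectGUID -TargetPath $rec.OU   # owner changed management unit
    }
    if ($cur.Description -ne $desc -and $PSCmdlet.ShouldProcess($cur.Name, 'Update description')) {
        Set-ADComputer -Identity $cur.ObjectGUID -Description $desc
    }
    if (-not $cur.Enabled -and $cur.extensionAttribute2 -and $PSCmdlet.ShouldProcess($cur.Name, 'Re-enable')) {
        Enable-ADAccount -Identity $cur.ObjectGUID       # reauthorized before the grace period ran out
        Set-ADComputer  -Identity $cur.ObjectGUID -Clear extensionAttribute2
    }
}

# --- Expired accounts: disable first, delete only after the grace period.
# Servers are reported but never touched automatically (workstations and
# servers are handled differently, as page 11 asks).
foreach ($cur in $existing.Values) {
    if ($cur.OperatingSystem -like '*Server*') {
        Write-Warning "Server no longer authorized, manual review: $($cur.DistinguishedName)"
        continue
    }
    if ($cur.Enabled) {
        if ($PSCmdlet.ShouldProcess($cur.Name, 'Disable (not in authoritative source)')) {
            Disable-ADAccount -Identity $cur.ObjectGUID
            Set-ADComputer -Identity $cur.ObjectGUID -Replace @{ extensionAttribute2 = (Get-Date).ToString('o') }
        }
    }
    elseif ($cur.extensionAttribute2 -and
            [datetime]::Parse($cur.extensionAttribute2) -lt (Get-Date).AddDays(-$GraceDays) -and
            $PSCmdlet.ShouldProcess($cur.Name, "Delete (disabled > $GraceDays days)")) {
        Remove-ADComputer -Identity $cur.ObjectGUID -Confirm:$false
    }
}
```

Run it with -WhatIf first: every write goes through ShouldProcess, so a dry run lists the new, changed and expired sets without touching the directory. Two operational caveats: Remove-ADComputer fails on a computer that has child objects (BitLocker recovery information, for example), which needs Remove-ADObject -Recursive and a deliberate decision; and the identity running the pass should hold only the delegated rights to create, modify, move and delete computer objects inside the provisioning OU, not domain-wide administrative rights.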

Page 12

Future Directions

• Automated management of object location
– Requires a consistent OU structure within management units

• Feed Active Directory information back to the authoritative data source
– Usage information
– Logging information

Page 13

Design and Implementation Team

• Database
– Miriam Maldonado
– Stan Hall
– Andrew Steele
– Robbie Evanoff
– Jim House

• Active Directory
– Bob D’Spain
– Jason Crenshaw
– Bill Claycomb

Page 14

Questions

http://www.sandia.gov

[email protected]