Active Directory Information
What is Active Directory?
Active Directory (AD) is a directory service that holds user accounts,
computer accounts and groups, and stores security information for those
objects. The servers that store the directory information and respond
to authentication and directory lookup requests are called Domain
Controllers. Global Catalog servers are special directory servers that
contain a subset of information for every object in the forest.
Services Provided by Network Engineering
Network Engineering maintains the forest root for the Oregonstate.edu
AD forest. In addition, Network Engineering is responsible for the following:
- Schema: The schema controls how objects are defined in AD.
Occasionally, it is necessary to make additions to the schema. All
such changes are handled by Network Engineering. Schema changes will be
thoroughly tested before being implemented, and domain administrators will be
notified of the changes and the reasons for making them.
- DNS for AD: Network Engineering maintains AD service records in
DNS for the Oregonstate.edu forest and other AD forests on campus.
- Replication: Network Engineering monitors communications
between domains and will contact departments running their own domain
controllers if problems are discovered. Departments should contact
Network Engineering when they are experiencing problems so that we
can help resolve them.
- New domains: Any department wishing to add a new domain to
our AD forest should contact Network Engineering at
net@oregonstate.edu. We will only consider requests that meet the
requirements outlined below.
Note: If circumstances arise that affect the overall health of the
Active Directory forest and Network Engineering cannot reach the DCA
responsible for a system, Network Engineering may log in to Domain Controllers
and make necessary changes. In such cases, we will notify DCAs immediately
afterward.
Requirements for adding a new domain to the forest
In order to keep our AD forest as robust and reliable as possible,
and to decrease replication traffic, we would like to minimize the
number of domains in the Oregonstate.edu forest. Network Engineering
will only consider requests for new domains when the following are true:
- The department has at least two full-time, qualified IT staff.
- Adequate hardware has been dedicated for at least 2 Domain Controllers.
- Domain controllers will be monitored 24x7, and IT staff can be reached
by Network Engineering in the event of an emergency.
- The department has specific functionality requirements that cannot be met
by an OU in an existing domain, such as FS_Mail.
Frequently, the needs of a department can be met with an
Organizational Unit (OU) in the FS_Mail domain, rather than the creation
of a new domain. The FS_Mail domain is a free service, and DCAs have
full control in their OU to create objects, delegate permissions, set
group policy, etc. (More information about
FS_Mail.)