Brief Notes — Second Windows 2000 Active Directory Meeting

Corpus Christ College Seminar Room

13 June 2000


Present: Bridget Lewis (OUCS), Julius Davies (Microsoft), Brian Dansey (Libraries Automation Service), Giuseppe Mazzarino (Economics), Martin Ackland (Biochemistry), David Temple (Biochemistry), David Rischmiller (OUCS), John Jenkins (Said Business School), Ian McArthur (Physics), Chris Hunter (Physics), Jean Lofts (Engineering), Jose Duarte (Libraries Automation Service), Guy Robbins (St Anthony’s), Richard Gascoigne (Nuffield), Nino Margetic (Wellcome), Tim Bardsley (Wellcome), Raymond Allen (Wellcome), Elena Blanco (OUCS), Paul Agius (Social Anthropology), Tony Brett (Corpus Christi), Peter Higginbotham (OUCS), Marcus Burrows (University Offices), Jonathan Burt (Continuing Education), Matt Jennings (Hertford), Brian Wright (Queen’s), Carl Harrison (Chemistry), Andy Pickering (Chemistry), Ben Partridge (Chemistry), Neil Long (OUCS)
 
 

Summary

The main points agreed by the attendees at the meeting were as follows.
 
  1. To allow for maximum flexibility at a unit level, each unit requiring Active Directory could set up their own forest if desired.
  2. We should prefer to use the existing unit DNS names as the names of Active Directory domains within units. A unit would be limited to one forest containing a single domain  — this was not felt to be an undue restriction.
  3. To support this structure, for a unit installing Active Directory, OUCS should delegate four DNS subzones per unit from the central DNS servers to DNS servers within the unit, to support limited dynamic updating of SRV records. A records and PTR records (IP name to address mapping and vice versa) would continue to be registered as they are at present. OUCS would aim to reach agreement on this matter as soon as possible to allow units to install AD over the summer if required.
  4. We should investigate the possibility of running a central AD forest to help users needing to access resources in more than one unit. In addition this service might be extended to provide resources to units not wishing to run their own domain controllers (more details to follow).
 

Bridget Lewis, OUCS
July 2000