Active Directory at UNC


ITS Desktop Infrastructure currently manages the forest root domain which defines the central Active Directory forest on campus, and a child domain for campus units wishing to leverage central domain administration. Microsoft’s Active Directory simplifies network management, strengthens security, and extends interoperability. For more information about how Active Directory works see Microsoft Technet Article.

Using Active Directory as the foundation, ITS Desktop Infrastructure streamlines operations by providing a set of commonly needed services, thereby reducing redundancy and allowing departmental administrators to concentrate on department-specific needs. These services currently include infrastructure analysis, DNS management, schema management, and post migration directory support.

We have also developed services for campus including AD migration support, organizational unit (OU) membership, Group Policy administration, and guidelines for best practices. Other non-AD services being explored for future availability include “single sign-on” through Kerberos trust.

More Information

Usage of the ITS Active Directory forest increased as Microsoft ended support for Windows NT 4 and departments migrated from Windows NT 4 domain infrastructures to Windows 2000 and Server 2003. Given the hierarchical nature of domains and organization units possible with Windows 2000, ITS implemented the first domain in the “” forest (called the forest root domain) to help centrally manage the tree hierarchy and the schema that defines the “” forest.

To Windows NT 4 administrators, Windows Server 2000/2003 and especially Active Directory introduced some totally new concepts. It is not a simple product or a simple process to migrate, although there are many resources available from the ITS Desktop Infrastructure group, from Microsoft, other campus administrators, and elsewhere on the internet. It is critical to do your homework and understand these technologies before considering a migration.