1. Microsoft SCCM potential tool for OS and Patch deployment
2. RBAC
2.1. Approach
3. DNS Design
3.1. Non Authoritative Resolution for Ops Namespaces
3.2. AD DNS Forwarding
3.2.1. Root Hints
3.2.2. Exernal Resolution
3.2.2.1. Ops DNS Servers
3.2.2.2. Align IP Space with Organizational Ownership
3.2.2.2.1. QA
3.2.3. Conditional Forwarders
3.2.3.1. Determine if QA Needs Forwarding
3.2.3.1.1. Maybe not needed if they run their own domain
3.3. Split Zone
3.3.1. Internal View
3.3.2. External View
3.3.3. Internal Domain not Same as Internal Domain Name
3.3.4. Determine if It's Necessary
3.4. Secure Dynamic Updates
3.5. What We Have / Want to Have
3.5.1. Scott Singhass Owns
3.5.1.1. DNS
3.5.1.1.1. Bill Teachnor SME
3.5.1.2. Cloudstack
3.5.1.3. Virtualization
3.5.2. AD/DNS In Geographical Disperate Locations
3.5.2.1. SBA for all of US
3.5.2.2. KAR
3.5.2.3. BGL
3.5.3. OPS DNS located
3.5.3.1. SBA
3.5.3.2. IAD
3.5.3.3. FRA
3.5.3.4. BGL
3.5.3.5. Any cast IP for Global DNS in OPS
3.5.3.5.1. Public IP
3.5.3.5.2. Private IP
3.5.3.5.3. May be blocked by firewall
3.5.3.5.4. May need routes advertised
3.5.4. Split Horizon
3.5.4.1. Internal View
3.5.4.1.1. Whitelisted for Internal Results
3.5.4.1.2. If not whitelisted external results returned
3.5.4.1.3. For employee use
3.5.4.2. External VIew
4. DHCP
4.1. HA Design
5. Systems Management
5.1. Log Analytics
5.1.1. User Access
5.1.1.1. Objects Accessed
5.1.1.2. Successful Logins
5.1.1.3. Failed Logins
5.1.2. Modification to Admin Controls
5.1.3. Threat Detection
5.1.4. Logging Infrastructure
5.1.4.1. Splunk
5.1.4.1.1. IT Dedicated Instance?
5.1.4.1.2. Shared with TechOps?
5.2. Change Control
5.2.1. ITIL
5.2.2. Ops
5.2.2.1. Jira
5.2.3. IT
5.2.3.1. ServiceNow!
5.3. Threat Management
5.3.1. Microsoft System Center
5.3.2. Advanced Threat Analytics (ATA)
5.4. Application and Configuration Management
5.4.1. Patch Management
5.4.1.1. Operating System
5.4.1.1.1. Server OS (Windows)
5.4.1.1.2. End Point
5.4.1.2. Infrastructure
5.4.1.2.1. Network Appliances
5.4.1.2.2. Storage Appliances
5.4.1.3. Applications
5.4.1.3.1. Server Apps
5.4.1.3.2. End Point Apps
5.4.1.3.3. Mobile Apps
5.4.1.3.4. Home Grown Applications
5.4.1.4. Detection / Inventory
5.4.2. Software Deployment
5.4.2.1. Servers
5.4.2.2. End Points
5.4.2.3. Policy Management / Configruation Standard
5.5. Inventory
5.5.1. Software
5.5.2. Hardware
5.5.3. Analytics
5.6. IT Networking
5.6.1. AD Integration with IPAM
5.6.2. Configuration Management
6. AD SAML/Federated Services VS Trusts
6.1. SAP wnats to create and AD trust
6.1.1. Provisins solme level of trust between domains
6.1.2. Requires infrastructure
6.2. Prefer SAML integration
6.2.1. Token based
6.3. OKTA has 2FA and SAML
6.4. Will Trustst Need to be created between Citrite and SpinCo
6.4.1. Microsoft Federation Services required to create federation between more than one AD domain
6.4.2. There may be more than one spinco domain where user accounts will be needed
7. End Point Migration
7.1. Active Directory
7.1.1. Device Membership / Computer Account
7.1.1.1. Keep Computer Name
7.1.1.2. Join New Domain
7.1.1.3. Copy Data from One User Profile to Another
7.1.1.4. Need a list of computers that need to be migrated
7.1.1.5. Server Migration
7.1.1.5.1. Need a List of Target Servers
7.1.1.5.2. AD Joined Servers
7.1.1.5.3. AD Service Accounts
7.1.2. User Account
7.1.2.1. Keep usernames from citrite
7.1.2.2. Identify Individual that need to be migrated
7.1.2.2.1. Nick Dougan
7.1.2.2.2. Mark Drake
7.1.2.2.3. Need an Authorative List
7.1.2.3. Service Accounts
7.1.3. Group Membership
7.2. Data Migration
7.2.1. Local Data
7.2.1.1. Users need access to their local data
7.2.1.2. Copy and redirect links to new user profile
7.2.2. Networked Data
7.2.2.1. In Expertcity
7.2.2.2. In Citrite
7.2.2.3. In Sharefile
7.2.2.4. Sharepoint Data
7.2.2.5. Podio Data
7.2.2.6. Shared Dept Data
7.3. Tools
7.3.1. Power Shell
7.3.1.1. Move User to New Domain
7.3.1.2. Move Data to New Home Drive
7.3.2. Potential New Tools
7.3.2.1. MIgration Tools
7.3.2.1.1. MS AD Migration Tool (ADMT)
7.3.2.1.2. Dell Quest
7.3.2.2. AnyConnect for VPN PreLogin
7.3.2.2.1. Allow network connectivity
7.3.2.2.2. Require Login After Reboot (but before User Login)