AD Mind Map

1. Microsoft SCCM potential tool for OS and Patch deployment


2.1. Approach

3. DNS Design

3.1. Non-Authoritative Resolution for Ops Namespaces

3.2. AD DNS Forwarding

3.2.1. Root Hints

3.2.2. External Resolution Ops DNS Servers Align IP Space with Organizational Ownership QA

3.2.3. Conditional Forwarders Determine if QA Needs Forwarding Maybe not needed if they run their own domain

3.3. Split Zone

3.3.1. Internal View

3.3.2. External View

3.3.3. Internal Domain not Same as Internal Domain Name

3.3.4. Determine if It's Necessary

3.4. Secure Dynamic Updates

3.5. What We Have / Want to Have

3.5.1. Scott Singhass Owns DNS Bill Teachnor SME Cloudstack Virtualization

3.5.2. AD/DNS In Geographically Disparate Locations SBA for all of US KAR BGL

3.5.3. OPS DNS located SBA IAD FRA BGL Anycast IP for Global DNS in OPS Public IP Private IP May be blocked by firewall May need routes advertised

3.5.4. Split Horizon Internal View Whitelisted for Internal Results If not whitelisted external results returned For employee use External View


4.1. HA Design

5. Systems Management

5.1. Log Analytics

5.1.1. User Access Objects Accessed Successful Logins Failed Logins

5.1.2. Modification to Admin Controls

5.1.3. Threat Detection

5.1.4. Logging Infrastructure Splunk IT Dedicated Instance? Shared with TechOps?

5.2. Change Control

5.2.1. ITIL

5.2.2. Ops Jira

5.2.3. IT ServiceNow!

5.3. Threat Management

5.3.1. Microsoft System Center

5.3.2. Advanced Threat Analytics (ATA)

5.4. Application and Configuration Management

5.4.1. Patch Management Operating System Server OS (Windows) End Point Infrastructure Network Appliances Storage Appliances Applications Server Apps End Point Apps Mobile Apps Home Grown Applications Detection / Inventory

5.4.2. Software Deployment Servers End Points Policy Management / Configuration Standard

5.5. Inventory

5.5.1. Software

5.5.2. Hardware

5.5.3. Analytics

5.6. IT Networking

5.6.1. AD Integration with IPAM

5.6.2. Configuration Management

6. AD SAML/Federated Services VS Trusts

6.1. SAP wants to create an AD trust

6.1.1. Provisions some level of trust between domains

6.1.2. Requires infrastructure

6.2. Prefer SAML integration

6.2.1. Token based

6.3. OKTA has 2FA and SAML

6.4. Will Trusts Need to Be Created between Citrite and SpinCo

6.4.1. Microsoft Federation Services required to create federation between more than one AD domain

6.4.2. There may be more than one SpinCo domain where user accounts will be needed

7. End Point Migration

7.1. Active Directory

7.1.1. Device Membership / Computer Account Keep Computer Name Join New Domain Copy Data from One User Profile to Another Need a list of computers that need to be migrated Server Migration Need a List of Target Servers AD Joined Servers AD Service Accounts

7.1.2. User Account Keep usernames from Citrite Identify Individuals that need to be migrated Nick Dougan Mark Drake Need an Authoritative List Service Accounts

7.1.3. Group Membership

7.2. Data Migration

7.2.1. Local Data Users need access to their local data Copy and redirect links to new user profile

7.2.2. Networked Data In Expertcity In Citrite In Sharefile Sharepoint Data Podio Data Shared Dept Data

7.3. Tools

7.3.1. PowerShell Move User to New Domain Move Data to New Home Drive

7.3.2. Potential New Tools Migration Tools MS AD Migration Tool (ADMT) Dell Quest AnyConnect for VPN PreLogin Allow network connectivity Require Login After Reboot (but before User Login)


8.1. Deepam has Issues with network integration with OKTA 2FA

8.2. May need to integrate with multiple AD domains