
Enterprise Active Directory Forest (AD)
The Enterprise Active Directory Forest (AD) is open to all Johns Hopkins Institutions. A delegated administrative model is in place which enables the IT departments to continue providing support for their customers, applications, and resources. The user accounts in the directory are automatically provisioned and de-provisioned from the Johns Hopkins Enterprise Directory (JHED). Password changes and expirations between AD and JHED are synchronized.
Currently:
User IDs in AD use the JHED ID (LID)
The format used to create a LID is as follows: the first character in the first name, up to the last six characters in the last name followed by a number. The JHED IDs take the format of jdoe112.
What is needed to participate?
Typically, IT organizations have their own Windows Active Directory Forest. Since user objects are automatically synchronized from JHED into AD, almost all of your user objects are already in AD, but a migration of the workstations and servers is required.
Where can I get more information?
The Enterprise Services Group holds a monthly meeting on the second Wednesday of the month from 11 am until noon. Phone and video conferencing are available. You can e-mail the Active Directory Support Team at ad@jhmi.edu to request to be added to the OU Admins distribution list. The monthly AD meeting agenda, changes affecting the AD Forest and general info are sent to this distribution list.
Design
The Windows 2003 Enterprise Active Directory design follows Microsoft recommended best practices. The basic design contains a three-domain structure:
AD.JHU.EDU is the first domain created in the forest. It does not contain user or computer objects.
WIN.AD.JHU.EDU is located directly below the Dedicated Forest Root Domain (AD.JHU.EDU). It is used to store all user objects in a single, flat People Organizational Unit (OU).
History of Enterprise Active Directory at Johns Hopkins
In January 2001 the Institutional Computing Standards Committee (ICSC) Windows 2000 sub-committee decided to initiate a centrally managed Enterprise Single AD site at Johns Hopkins. In March 2001 the sub-committee determined the basic design principles for the AD site: a flat structure, using a “people” container. This design would aid in future Directory Integration projects with the Identity Management system provided by the Enterprise Group, called Johns Hopkins Enterprise Directory or JHED.
Funding for the initial Active Directory site was obtained from Network and Telecommunications Services in April 2001. The initial proposal for funding was designed to support up to 20,000 users across Homewood Campus, Bayview Campus, and East Baltimore Campus.
In June 2001, with assistance from Microsoft Active Directory Support Engineers, additional changes were made to the Active Directory design. The AD site currently exists in that design.
Contact Information
E-Mail the Active Directory Team for more information at ad@jhmi.edu or contact
Andy Baldwin at (410) 735-4268 or e-mail at andrew.baldwin@jhu.edu
Ibrahim Njai at (410) 735-4779 or e-mail at Ibrahim.njai@jhu.edu