Campus Active Directory Services (CADS) shared some updates at an Active Directory Community Time event on August 23. If you weren’t able to attend that session, here are the pertinent takeaways.
What is Campus Active Directory?
Active Directory (AD) enables departments and users to leverage NetID authentication when assigning administration of local resources, sharing files, solving password issues and maintaining security across campus.
Automated attestation tool
Developing and upholding Active Directory baseline standards is a key strategy for creating regulated and secure domains across campus. A central component in determining if a domain is adhering to these baseline standards is our quarterly Active Directory baseline attestation. Historically, this has been a manual process, but the AD team has been reviewing products to make attestation automated and, therefore, simpler and less time consuming.
Over the past few months, the team has explored an AD security reporting tool called Purple Knight (Source: purple-knight.com). The benefits of this tool include:
- Running on a domain-joined endpoint device without installation
- Generating a security report for a targeted domain via a series of Powershell scripts
- $0 cost to use
- Vetted through the Risk Management framework and approved by the Cybersecurity team
- Over 100 risk indicators
New engineer
Welcome Richie Markiewicz as the latest AD engineer. He comes to us from UW-Parkside, where he demonstrated his versatility and expertise as an IT professional.
Quest Binary Tree pilot
The team received approval to purchase a subset of licenses for a migration tool called Quest Binary Tree (Source: binarytree.com), which automates, facilitates and manages aspects of AD migrations. With those licenses, the team will perform a pilot migration to assess tool value, performance and how it can support future migrations.
AD Domain Name System (DNS)
Based on partner feedback, the team is currently investigating solutions for issues with Campus Active Directory dynamic DNS and custom DNS suffixes. The team hopes to have solutions in place by the time the Quest Binary Tree pilot ends.
What else should I know?
The next call to attest will be sent out in early October and will rely on the new, automated process. More information will be provided in the coming weeks.
Mark your calendars for the next Campus Active Directory Community Time:
Wednesday, November 16
11am
Teams meeting link
To receive updates from the Campus Active Directory team and join the conversation with the campus-wide Active Directory community, please join the Campus Active Directory channel in Teams.
For questions, please contact activedirectory@doit.wisc.edu.