ad

HP iLO extensions to be added to WolfTest domain

Once there is a WolfTech Remedy queue created, I'll put in a formal request for the iLO extensions, and confirm a date when we can install in WolfTest.

Rather than try to paraphrase, here's a hacked-up e-mail response to give some background:

Restrictions on reading group memberships is what's breaking Macs in WolfTech

We had the answer all along

http://xteams.oit.ncsu.edu/iso/node/273

Everette has semi-tested and can therefore semi-confirm that in the WolfTest Domain, before the group reading restrictions were applied, he was seeing better results.  We're planning to do a more formal test in WolfTest RSN.

Directory Services

Info about ISO's directory services, including LDAP, Active Directory, Novell Directory Services...

FERPA & AD

I asked Brian Arkills from the University of Washington for his ppt slides from the windows-hied presentation he gave that covered FERPA.

ferpaAndAD- gives an overview of FERPA and has some specific discussion of AD

HiEdConf2007FillInTopics-Barkills - the last topic on Group Invisibility is what many folks in the hied world are doing to deal with FERPA in Active Directory.

Proposed projects in the active directory migration program

Debbie's called an internal meeting this afternoon to set up some projects and get some timelines together for moving our various ADs to WolfTech.

I figured I'd put out my project list to save some face-to-face time.

Project: Migrate existing servers to WolfTech WSUS
Should just be a matter of mapping our "approval" models to the WolfTech ones, adjusting for any mismatches (e.g. does WT currently have an "all patches except for Office" profile needed by the Citrix boxen?) and setting a timetable to implement.

Default location for domain joined computers changed in Unity.AD

I'm doing some cleanup in the UNITY domain, and am starting to collapse the "OU=Unity Computers" into OU=Organizations.

Towards this end, I've changed the container to hold unassigned workstations in Unity.ad (to OU=Computers,OU=Unassigned) and moved the existing machines into the new container.  I'm planning to leave the debris under OU=Unity Computers for a few days to make sure everything "took".

I've documented the steps to take to allow any domain user to register workstations in the domain at

http://xteams.oit.ncsu.edu/iso/node/131

Setup for any unity user to be able to add workstations to the domain

The unity.ad domain was set up so that any authenticated user can "add a workstation to the domain".

Adding a workstation to the domain means that a computer account is created (a "service principal" in Kerberos-speak) which allows the domain controllers and workstations to authenticate each other and set up a secure cryptographic channel for private communications. The workstation can then accept policies, including those that set security settings, and allow logins for accounts held in the domain.

Active directory working group met Jan 28, 2009

We had the first meeting of the "Active Directory Working Group" on the 28th; the agenda and notes (once approved) will be available at

http://oit.ncsu.edu/iam/active-directory-working-group

In related news, the "IAM Service Team" met on the 29th; see http://oit.ncsu.edu/iam/iam-service-team

The IAM project is one of the first projects to be addressed in OIT's Strategic Operations Plan.

KMS Direct Registration

Direct Registration

You can configure computers to use the KMS service without configuring DNS for auto-discovery. This is called "direct registration". Direct registration overrides DNS auto-discovery.

To manually configure a computer to use OIT's KMS service, log onto the computer as an administrator and enter the following commands into a command prompt that has been opened with the right-click option "Run as administrator":

KMS Auto Discovery

Your DNS domain can be configured so that your workstations will automatically locate the KMS service. This method is called "auto discovery". Client computers use DNS SRV records to automatically locate the KMS service. The SRV records need to be appended to your DNS domain configuration.