Domain Administrators
Domain Administrators at LBL on occasion have to perform duties associated with Schema and Enterprise
administrators as identified below.
Schema Administrator
Maintains security and integrity of schema
Oversees modifications to schema
Full disaster recovery plan and practice of schema
Enterprise Administrator
Creation and management of the forest
Overall security and reliability of the forest
Creation and removal of domains
Management of trust relationship with ALS domain
Full disaster recovery plan and practice of trusts
Domain Administrator
Creation and management of directory infrastructure
Includes FSMO roles, trusts, Kerberos KDCs, replication topology, etc.
Creation of all top-level OU hierarchies with subOUs, groups, and appropriate security permissions. This
includes adding the OU Admins to the AddComputers group, Group Policy Creator Owners group, and OU
Admins mail list. It also includes setting appropriate permissions on the created objects
Monitoring and reporting associated with the reliability and security of the domain
Use the domain admin account only for actions that require the privilege level of this account
Monitoring changes to domain root and domain controllers OU to ensure unauthorized changes do not occur
Day-to-day management of domain controllers
Monitoring connectivity, synchronization, replication, netlogon, time services, FSMO roles, schema, NTDS
database partitions, DNS settings, SRV records, and trust relationships
Review DC event and security logs and take corrective actions
Monitor and resolve security situations at all levels of domain to ensure stable and secure domain
Domain Controller Management
Physical security of the domain controllers in IT Division space and oversight for all domain controllers
Backups and restores on domain controllers
Full disaster recovery plan and practice of DCs and core Directory objects
Policy monitoring and compliance
Apply and enforce LBL standard naming conventions for objects in the domain
Comply with LBL AD policies and standards as defined on the AD Web Site
Monitor compliance with LBL AD policies and standards as defined on the AD Web Site, including change
management
Communication and coordination
Arbitrate disputes between OU Admins
Provide OU Admins assistance when requested
Coordination with CPP to ensure the LBL domain is secure
Comply with all CPPM orders regarding emergency conditions
Work collectively with the OU administrators
Secure remote administration of the DCs and member servers managed by the Infrastructure Group
Manage group policy at root of domain and for Domain Controllers OU
Manage the Users and Computers Containers
Install and manage security reporting tools used to monitor changes to the Active Directory
Coordinate and configure alarm distribution to OU Admins for OU-related events
Plan and manage all migrations and upgrades related to the AD or the DCs
OU Administrators
Server Owners (maybe dual role with OU administrator)
Host and maintain server (i.e., IIS, business specific service, etc.)
Patching/software upgrades
Volume/partition space management
Hardware migration
Software licenses for all member server(s) added to their OU hierarchy
Hardware maintenance for all non-Infrastructure-managed member servers
Operating system maintenance for all non-Infrastructure-managed member servers
Maintain level of member server system security by applying Service Packs and security patches
Department application, file service, workstation and printer support
Create printer objects and access control lists.
Backup/recovery
Full disaster recovery plan and practice
Desktop Support
Request drive mapping via login script when needed from OU manager
Add user domain account to workstation
Assist data owners with archiving to offline storage (DVD/CD)
Provide the following (if possible) to the domain admins when suspecting that a desktop-related problem stems from a
change to the Active Directory or DC configuration:
1. event description
2. logon name of affected user
3. name of affected computer
4. time of event
5. relevant warnings and errors in event logs
6. relevant warnings or errors displayed on screen
Data Owners
Help Desk
End user
Users who experience problems with a particular service should contact the IT Help desk for general questions.
If the issue can't be resolved, then the Help Desk (or the End user) can contact the OU administrator.