This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!!Active Directory
* What is the name of your AD Domain?
* What is the name of your AD Forest?
* What is the current Windows environment? (e.g., Windows NT, Windows 2000, Windows 2003)
* How many servers are there?
* What are the specifications? (brand, RAM, disk, etc.)
* What other services/software are linked with Active Directory (e.g., Microsoft Exchange)?
* Describe the current NT Domain model (e.g., single domain, multi-domain with trusts).
** Would you be able to expand your domain structure down to the user object level and send an electronic copy (e.g., place snapshots in a Word document)?
* How many users exist in this directory?
* How many groups exist in this directory?
* What users, other than employees, are created (e.g., contractors, vendors, patients, students)? Is there a way to distinguish who is an employee and who is not? How?
* How many domains are in the forest?
* Can you provide the IP address and authorization to log into production to view the directory? If not for this phase, then for the Design/Development phase?
* Do you have any plans to upgrade this directory in the near future?
* Are there any known data cleansing issues?
* Are user account names unique across the entire domain or just within a container?
!!!Business Processes
* Who are your network administrators (the administrators who add and maintain user objects in your directory) for Active Directory?
* Will this be one-way, from the Identity Vault to AD? If not, what events do you want to flow to the Identity Vault (IDV)?
* What is the business process for adding a new user object? (What is the means of notification? What information is minimally required?)
* What is your corporate standard for naming conventions in AD (e.g., default behavior = full name, CN)?
** displayName: (Insert Naming Convention)
** sAMAccountName: (Insert Naming Convention)
** userPrincipalName: (Insert Naming Convention)
** Distinguished Name for AD: (Insert Naming Convention)
* What is the naming algorithm (conflict resolution) for creating new user objects?
* What attributes are normally used to create a user object? Please identify which attributes are needed minimally (required).
* Which attributes are given defaults when a user object is created, and what are the default values?
* What attributes that you are not populating or maintaining currently would you like to see populated and maintained through IDM?
* What is the business process for deleting/disabling a user object? (What is the means of notification? How long are accounts left disabled before they are deleted? Are the accounts moved to another container?)
* What is the business process for moving a user object? (What is the means of notification? Is this done with a move, a delete/create new user, disable/create new user?)
* What is the business process for modifying a user object? (What is the means of notification? What attributes are changes normally requested for?)
* What is the business process for renaming an object?
* What attributes, if any, would you like to come back to the directory? And what is the authoritative source of each? (e.g., email address)
* Write back: If a change to a user object occurs in AD, do you want the original values (from the Identity Vault) to change it back again?
* What are the business rules or the password policy for creating passwords?
* How are initial/default passwords determined? How are they communicated to users?
* Are there any additional users that will need to be populated into AD during this implementation?
** If yes, from what source(s) will Active Directory be populated during implementation?
!!!Development / Test Environments
* Do you have separate development and test environments? If not, what is the lead time to provide a development environment?
* Do you follow any configuration management processes? If yes, what are they?
* Do you have any service location protocol (SLP) installed in your environment? If yes, what is it?
!!!Deployment / Implementation
* What are your current maintenance schedules (e.g., health checks, scheduled downtimes, time slots for downtime)?
* What backup and recovery procedures do you have?
* What change management procedures do you have?
!!!Miscellaneous
* Are there any additional comments, risks, assumptions or issues that we should be aware of for this project?