Active Directory #
- What is the name of your AD Domain?
- What is the name of your AD Forest?
- What is the current Windows environment? (i.e.: Windows NT, Windows 2000, Windows 2003)
- How many servers are there?
- What are their specifications? (Brand, RAM, disk, etc.)
- What other services/software are linked with Active Directory (i.e.: Microsoft Exchange)?
- Describe the current NT Domain model (i.e.: single domain, multi-domain with trusts).
- Would you be able to expand your domain structure down to the user object level and send an electronic copy (i.e.: place snapshots in a Word document)?
- How many users exist in this directory?
- How many groups exist in this directory?
- What users, other than employees, are created (i.e.: contractors, vendors, patients, students)? Is there a way to distinguish who is an employee and who is not? How?
- How many domains are in the forest?
- Can you provide the IP address and authorization to log into production to view the directory? If not for this phase, can you provide them for the Design/Development phase?
- Do you have any plans to upgrade this directory in the near future?
- Are there any known data cleansing issues?
- Are user account names unique across the entire domain or just within a container?
Business Processes #
- Who are your network administrators (the administrators who add and maintain user objects in your directory) for Active Directory?
- Will this be one-way, from the Identity Vault to AD? If not, what events do you want to flow to the Identity Vault (IDV)?
- What is the business process for adding a new user object? (What is the means of notification? What information is minimally required?)
- What is your corporate standard for naming conventions in AD (i.e.: default behavior = full name, CN)?
  - displayName: (Insert Naming Convention)
  - sAMAccountName: (Insert Naming Convention)
  - userPrincipalName: (Insert Naming Convention)
  - Distinguished Name for AD: (Insert Naming Convention)
- What is the naming algorithm (conflict resolution) for creating new user objects?
- What attributes are normally used to create a user object? Please identify which attributes are needed minimally (required).
- What attributes are given default values when a user object is created, and what are those default values?
- What attributes that you are not currently populating or maintaining would you like to see populated and maintained through IDM?
- What is the business process for deleting/disabling a user object? (i.e.: What is the means of notification? How long are accounts left disabled before they are deleted? Are the accounts moved to another container?)
- What is the business process for moving a user object? (What is the means of notification? Is this done with a move, a delete/create new user, disable/create new user?)
- What is the business process for modifying a user object? (What is the means of notification? What attributes are changes normally requested for?)
- What is the business process for renaming an object?
- What attributes, if any, would you like to come back to the directory? And what is the authoritative source of each? (i.e.: email address)
- Write back: If a change to a user object occurs in AD, do you want the original values (from the Identity Vault) to change it back again?
- What are the business rules or the password policy for creating passwords?
- How are initial/default passwords determined? How are they communicated to users?
- Are there any additional users that will need to be populated into AD during this implementation?
- If yes, from what source(s) will Active Directory be populated during implementation?
Development / Test Environments #
- Do you have separate development and test environments? If not, what is the lead time to provide a development environment?
- Do you follow any configuration management processes? If yes, what are they?
- Do you have any service location protocol (SLP) installed in your environment? If yes, what is it?
Deployment / Implementation #
- What are your current maintenance schedules (i.e. health checks, scheduled downtimes, time slots for downtime)?
- What backup and recovery procedures do you have?
- What change management procedures do you have?
Miscellaneous #
- Are there any additional comments, risks, assumptions or issues that we should be aware of for this project?