<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!!Active Directory 

* What is the name of your AD Domain?
* What is the name of your AD Forest?
* What is the current Windows environment? (i.e.: Windows NT, Windows 2000, Windows 2003)
* How many servers 
* What are the specifications? (Brand RAM Disk etc.)
* What other services/software are linked with Active Directory (i.e.: Microsoft Exchange)?
* Describe the current NT Domain model (i.e.: single domain, multi-domain with trusts).  
** Would you be able to expand your domain structure down to the user object level and send an electronic copy (i.e.: place snapshots in a Word document)?
* How many users exist in this directory?
* How many groups exist in this directory?
* What users, other than employees, are created (i.e.: contractors, vendors, patients, students)?  Is there a way to distinguish who is an employee and who is not?  How?
* How many domains are in the forest?
* Can you provide the IP Address and authorization to log into production to view the directory?  If not for this phase for the Design/Development phase?
* Do you have any plans to upgrade this directory in the near future?
* Are there any known data cleansing issues? 
* Are user account names unique across the entire domain or just within a container?

!!!Business Processes 
* Who are your network administrators (the administrators who add and maintain user objects in your directory) for Active Directory?
* Will this be one way from Identity Vault to AD?  If not, what event do you want to flow to IDV?
* What is the business process for adding a new user object?  (What is the means of notification?  What information is minimally required?)
* What is your corporate standard for naming conventions in AD (i.e.: default behavior = full name, CN)
** displayName: (Insert Naming Convention)
** sAMAccountName: (Insert Naming Convention)
** userPrincipalName: (Insert Naming Convention)
** Distinguished Name for AD: (Insert Naming Convention)
* What is the naming algorithm (conflict resolution) for creating new user objects?
* What attributes are normally used to create a user object?  Please identify which attributes are needed minimally (required).
* What attributes default for a user object create and what are the default values?
* What attributes that you are not populating or maintaining currently would you like to see populated and maintained through IDM?
* What is the business process for deleting/disabling a user object?   (i.e.: What is the means of notification?  How long are accounts left disabled before they are deleted? Are the accounts moved to another container?)
* What is the business process for moving a user object?   (What is the means of notification?  Is this done with a move, a delete/create new user, disable/create new user?)
* What is the business process for modifying a user object?  (What is the means of notification?  What attributes are changes normally requested for?)
* What is the business process for renaming an object? 
* What attributes, if any, would you like to come back to the directory? And what is the authoritative source of each? (i.e.: email address)
* Right back: If a change to a user object occurs in AD do you want the original values (from the Identity Vault) to change it back again?
* What are the business rules or the password policy for creating passwords?
* How are initial/default passwords determined?  How are they communicated to users?
* Are there any additional users that will need to be populated into AD during this implementation?  
** If yes, from what source(s) will Active Directory be populated during implementation?

!!!Development / Test Environments 
* Do you have separate development and test environments?  If not, what is the lead time to provide a development environment?
* Do you follow any configuration management processes?  If yes, what are they?
* Do you have any service location protocol (SLP) installed in your environment?  If yes, what is it?

!!!Deployment / Implementation 
* What are your current maintenance schedules (i.e. health checks, scheduled downtimes, time slots for downtime)?
* What backup and recovery procedures to you have?
* What change management procedures to you have?
!!!Miscellaneous
* Are there any additional comments, risks, assumptions or issues that we should be aware of for this project?
</pre>