Educause Security Discussion mailing list archives
Re: Secondary AD domains for students - good or more work when not needed?
From: Terry Jolley <terry.jolley () PCC EDU>
Date: Wed, 19 Apr 2017 21:32:02 -0700
Hi All, I am new to this Educause group and looking for advise or best practices. We are a large community college and have just implemented Microsoft Active Directory for all faculty, staff "employees" and classroom/general use computers. We now need to figure out how to handle student accounts. Do we add students to the existing AD domain, possible using a "student" OU or do we create a secondary AD Domain to create a security perimeter from our employee domain? We also would most likely move the classroom/general use machines to this secondary domain if we go that route. We would not want students to be able to login to a "employee" computer joined to AD, but they should be able to login to a classroom, lab, general use computer using their AD credentials. We also currently use a defined OU structure that separates classroom/general computers at the root level from employee computers within the one domain.. Looking for any advise on this topic...We have some use cases where "employees" will have to login to the classroom/general computers so AD "trust" between the sub domains will be required. Again, reason for secondary "student" domain is based on general security preferences, but if there is a better way of handling while keeping everyone in one domain it would be preferred.. Thank you for your time in this matter. Terry Jolley Portland Community College
Current thread:
- Re: Secondary AD domains for students - good or more work when not needed? Terry Jolley (Apr 19)
- Re: Secondary AD domains for students - good or more work when not needed? Eric Lukens (Apr 20)
- Re: Secondary AD domains for students - good or more work when not needed? Allen Wood (Apr 20)
- Re: Secondary AD domains for students - good or more work when not needed? Nicholas Garigliano (Apr 20)
- Re: Secondary AD domains for students - good or more work when not needed? Eric Lukens (Apr 20)