RE: Running an Independent Active Directory

From: Ryan L. Means <rmeans_at_law.berkeley.edu>
Date: Thu Aug 17 2006 - 12:40:29 PDT

Here at the Law School, we've used campus AD for our student lab since the campus AD started (2003?). For this semester we're moving our students from using windows file share based home directories to the campus WebFiles service. We purchased the client software from Xythos to make the drive map just like a regular windows drive mapping so to the students it should be nearly seamless. This eliminates our need to maintain a file server for student data and lets our students take advantage of the free 50Mb that WebFiles gives them (though we did pay IST to have their quotas increased).

I expect that next year we will ditch roaming profiles entirely and just use loopbacks because the profiles become less and less useful to our students each year as more applications move to the web. Right now it's really just IE bookmarks and some Office preferences. Once that's done, we won't need to take ownership of the student objects and all we'll need to do is add the community student objects into the right groups so they have permissions. It couldn't be easier, and I look forward to spending about 10 minutes to set up our 1000+ students every year.

In addition, moving to WebFiles means that we don't have to deal with giving all of our students the campus VPN software and helping them set it up to access files from home.

Ryan

> -----Original Message-----
> From: owner-micronet-list@lists.berkeley.edu
> [mailto:owner-micronet-list@lists.berkeley.edu] On Behalf Of
> Mike Blasingame
> Sent: Thursday, August 17, 2006 12:10 PM
> To: Jon Forrest; micronet-list@listlink.berkeley.edu
> Subject: RE: [Micronet] Running an Independent Active Directory
>
> Hi John,
>
> Thank you for your wonderful vote of confidence! :~)
>
> With a couple of exceptions, student user objects are made
> available to all OU administrators in the CalNetAD forest as
> a 'shared resource'. When students log on to computer
> objects in an OU, the OU Administrator can use loopback
> processing of Group Policy to apply user settings for these
> student accounts that are not in their OU.
>
> Loopback processing does not allow roaming profiles.
> However, you can use folder redirection to obtain *most* of
> the benefits of roaming profiles.
>
> Does this change your vote?
>
> Thanks,
> -Mike Blasingame
>
>
> -----Original Message-----
> From: owner-micronet-list@lists.berkeley.edu
> [mailto:owner-micronet-list@lists.berkeley.edu] On Behalf Of
> Jon Forrest
> Sent: Thursday, August 17, 2006 11:30 AM
> To: micronet-list@listlink.berkeley.edu
> Subject: Re: [Micronet] Running an Independent Active Directory
>
> John E. Weber wrote:
> > Hi Jack,
> >
> > This is most likely a DNS issue. The DC needs to register (at a
> > minimum) SRV and A records for itself, and needs to publish
> a GUID so
> > your machines can find a global catalog. Host files only tell
> > machines to resolve somewhere, but Active Directory needs much more
> > than this because AD uses DNS to advertise services.
>
> This is all true. Note that when you create a DC, it creates
> a file called \WINDOWS\SYSTEM32\CONFIG\NETLOGON.DNS
> containing all the DNS records that you'd need to add to a
> DNS server in order for all this to work correctly.
>
> Right now I'm running both my own Active Directory and DNS
> server, and have been doing so for about 4 years. This has
> all worked great, partially because I've been using Windows
> Active Directory integrated DNS servers so all this happens
> automagically. However, I'm very close to giving up running
> DNS servers in favor of using the campus DNS servers, so I'm
> planning on making use of the NETLOGON.DNS files when I add DCs.
>
> > Pardon the shameless plug, but you'd be better off (and
> save a lot of
> > time) by joining CalNet AD, which is a free service.
>
> Switching over to this will be my next step. Things are a
> little more difficult when it comes to having student PC labs
> with accounts using roaming profiles, but Mike Blasingame
> assures me that there are solutions for all this, and I believe him.
> There are two main reasons why this would be a good thing:
> 1) CalNet AD has a bunch of high end redundant equipment to
> run the AD, and presumably people around all the time in case
> of problems, 2) Maintaining computer accounts for ~1000
> students is a big pain so I'd rather use the campus directory.
>
> Cordially,
>
> --
> Jon Forrest
> forrest@ce.berkeley.edu
> Computer Resources Manager
> Civil and Environmental Engineering Dept.
> 305 Davis Hall
> Univ. of Calif., Berkeley
> Berkeley, CA 94720-1710
> 510-642-0904
>
>
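The DNS records Jon and John discuss above (the SRV, A and _msdcs entries a DC writes to NETLOGON.DNS for you to load into a non-AD-integrated DNS server) are easy to get subtly wrong when they are added by hand. The script below is an added example, not code from any of the posters or from the campus service: it parses a NETLOGON.DNS-style file and checks that the records a domain member needs to locate a domain controller, a KDC and a global catalog are present with the expected ports. The sample file contents, the domain name `law.example.edu`, the host `dc1` and the GUID are constructed for the example and are not from the original thread. NETLOGON.DNS does not carry the DC's own host A record (the DHCP Client service registers that separately), so the script reports the SRV targets for you to verify rather than treating a missing host A record as an error.

```python
"""Sanity-check a NETLOGON.DNS file before loading its records into a
non-AD-integrated DNS server.  Added example; the sample data is constructed."""
import re
from typing import Dict, List, NamedTuple, Set, Tuple


class Record(NamedTuple):
    name: str      # owner name, lower-cased, with trailing dot
    rtype: str     # 'A', 'SRV' or 'CNAME'
    rdata: tuple   # SRV: (priority, weight, port, target); A/CNAME: (value,)


# NETLOGON.DNS lines look like:  <owner> <ttl> IN <type> <rdata>
LINE_RE = re.compile(r'^(\S+)\s+(\d+)\s+IN\s+(A|SRV|CNAME)\s+(.+)$')


def parse_netlogon_dns(text: str) -> List[Record]:
    """Parse the A, SRV and CNAME lines of a NETLOGON.DNS file."""
    recs: List[Record] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised NETLOGON.DNS line: {raw!r}")
        name, _ttl, rtype, rdata = m.groups()
        fields = rdata.split()
        if rtype == 'SRV':
            prio, weight, port, target = fields
            recs.append(Record(name.lower(), rtype,
                               (int(prio), int(weight), int(port), target.lower())))
        else:
            recs.append(Record(name.lower(), rtype, (fields[0].lower(),)))
    return recs


# SRV names the DC locator queries, relative to the DNS domain, and the
# port each should advertise.
REQUIRED_SRV: Dict[str, int] = {
    '_ldap._tcp.dc._msdcs.{d}': 389,   # any DC of the domain
    '_ldap._tcp.{d}': 389,
    '_kerberos._tcp.{d}': 88,          # KDC
    '_kpasswd._tcp.{d}': 464,          # password change service
    '_gc._tcp.{d}': 3268,              # global catalog
    '_ldap._tcp.gc._msdcs.{d}': 3268,
}


def check_records(recs: List[Record], domain: str) -> List[str]:
    """Return a list of problems; an empty list means the required set is present."""
    problems: List[str] = []
    domain = domain.lower().rstrip('.') + '.'
    by_name: Dict[Tuple[str, str], List[Record]] = {}
    for r in recs:
        by_name.setdefault((r.name, r.rtype), []).append(r)

    for pattern, port in REQUIRED_SRV.items():
        name = pattern.format(d=domain)
        srvs = by_name.get((name, 'SRV'), [])
        if not srvs:
            problems.append(f"missing SRV {name}")
            continue
        for s in srvs:
            if s.rdata[2] != port:
                problems.append(f"{name} advertises port {s.rdata[2]}, expected {port}")

    # The DSA-GUID CNAME under _msdcs is how replication partners find this DC.
    if not any(r.rtype == 'CNAME' and r.name.endswith('._msdcs.' + domain) for r in recs):
        problems.append("missing DSA-GUID CNAME under _msdcs")
    return problems


def srv_targets(recs: List[Record]) -> Set[str]:
    """Hosts named as SRV targets; each needs an A record registered elsewhere."""
    return {r.rdata[3] for r in recs if r.rtype == 'SRV'}


# Constructed sample in NETLOGON.DNS format (domain, host and GUID are made up).
SAMPLE = """\
law.example.edu. 600 IN A 10.1.2.3
_ldap._tcp.law.example.edu. 600 IN SRV 0 100 389 dc1.law.example.edu.
_ldap._tcp.dc._msdcs.law.example.edu. 600 IN SRV 0 100 389 dc1.law.example.edu.
_kerberos._tcp.law.example.edu. 600 IN SRV 0 100 88 dc1.law.example.edu.
_kpasswd._tcp.law.example.edu. 600 IN SRV 0 100 464 dc1.law.example.edu.
_gc._tcp.law.example.edu. 600 IN SRV 0 100 3268 dc1.law.example.edu.
_ldap._tcp.gc._msdcs.law.example.edu. 600 IN SRV 0 100 3268 dc1.law.example.edu.
a1b2c3d4-0000-1111-2222-333344445555._msdcs.law.example.edu. 600 IN CNAME dc1.law.example.edu.
"""

if __name__ == "__main__":
    records = parse_netlogon_dns(SAMPLE)
    print("problems:", check_records(records, "law.example.edu") or "none")
    print("verify A records exist for:", sorted(srv_targets(records)))
```

Run it against the real file (`type %SystemRoot%\System32\config\netlogon.dns` on the DC) by swapping SAMPLE for the file contents; a forest child domain will not carry the `_gc` records itself, so expect those two entries to be reported for anything but the forest root.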

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Thu Aug 17 12:42:24 2006

This archive was generated by hypermail 2.1.8 : Thu Aug 17 2006 - 12:42:24 PDT