Texas Tech University.
TTU Home IT Division Telecommunications

Windows AD Architecture

This section contains TTUnet Windows Active Directory Architecture. If you have questions about the information contained herein, please contact the Director of Telecommunications.

General Requirements

  1. A hierarchical Active Directory structure within a single production Windows domain which follows the Internet DNS naming scheme.
  2. Telecommunications will provide and maintain all Active Directory services on the Texas Tech University network.
  3. Provide for a university-wide, single sign on authentication structure which Windows system administrators can join and utilize for granting access to their resources.
  4. Provide a secure Kerberos authentication environment.
  5. Departmental resources should be located within the appropriate OU
    1. The OU naming scheme follows network department codes (e.g. ou=dept,dc=ttu,dc=edu or ttu.edu/dept).
    2. Departmental OUs are created upon appointment of one or more Network Site Coordinators (NSCs).
    3. NSCs are delegated full control of the associated OU.

OU Naming Standard

The current naming scheme utilizes a "departmental" (includes colleges & divisions) name  immediately preceding the 'TTU.EDU' domain name.  A list of the departmental codes and descriptions is available online.  Active Directory Organizational Units will follow the same naming scheme (e.g. OU = <dept>.ttu.edu)

Consolidating the Windows Active Directory Structure

Non-sanctioned Windows domain and Active Directory structures must be consolidated into Texas Tech University's TTU.EDU Windows domain.  In order to facilitate the migration of non-sanctioned Windows domains into the AD structure, temporary trusts may be assigned. These temporary trusts allow system wide authentication access while migrating to an organizational unit. Trusts will only be allowed with the TTU.EDU Active Directory Domain during a migration scenario.

 

 ttu.jpg