Microsoft’s Active Directory provides a convenient way to manage authentication and access control, as well as other information, for resources defined in the directory.
Boston University’s Active Directory is configured as a single forest and Exchange organization, covering academic and administrative needs across both campuses.
Departments no longer need to purchase and maintain domain controllers. Domain controllers are centrally managed by IS&T, monitored 24 by 7, and located in several geographic areas to provide redundancy and ensure reliability. Centrally maintained information is updated constantly and need not be duplicated by departments.
- Authentication to resources such as individual and lab computers can be offered via the standard BU login name and Kerberos password, eliminating the need to create and maintain local accounts.
- Nearly 90,000 Security Groups are automatically maintained through synchronization with information stored in Ph, Boston University’s metadirectory.
- Organizational Unit (OU) administrators can use these automatically maintained groups to control access to resources, such as computers and files.
- Security groups include those based on department affiliation; faculty, staff, or student status; academic major; and curriculum.
- Security Groups are maintained for each section of each course taught each semester; membership is updated daily as students add and drop courses.