Building Your Own Private AD Forest

We realize that a campus-wide AD forest may not meet the needs of an individual department. When going on your own with AD, you take on the responsibility of funding and managing your own environment and forgo the benefits of the campus forest.

The biggest benefit of having a private AD forest is that you are isolated and have complete control over 100% of your environment. However, please consider the following issues when hosting your private AD forest.

  • Consulting for departments using a private AD forest will be billed at the standard ACCC rate for server level support.

  • Building your own AD Forest may prevent you from joining the Campus wide forest at a later date.

  • External trusts (links) into the UIC Campus AD forest are not supported by the ACCC. This means that private AD forests cannot access resources published in the UIC AD forest.

  • Full support of Domain, DNS and support services are the burden of the department and their technical staff to fund and resolve problems.

  • The ACCC provides AD support at an hourly rate for consulting and support. Priority support is given to departments in the UIC Campus AD forest over private forest support.

  • DNS will not be delegated to private AD forests. Clients will have to be configured to point to the departmental DNS servers for name resolution.

  • Should you desire to use the UIC Campus AD forest at a later time ACCC consulting fees will apply for the migration.

  • Should departmental administrators leave and hand over the private AD forest to the ACCC, the following may apply:
    • The ACCC will charge the regular consulting rate and move the department into the UIC Campus forest.
    • There will be down time associated with the migration and the department will assume all costs associated with the migration.
    • This could include moving users off of Microsoft Exchange to our campus supported UICalendar and mail services. You can continue to use Outlook as your client with the campus supported calendar and mail services.

Private AD Forest Guidelines

Computer Names
In order to ensure uniqueness for WINS, OU administrators need to include the unit portion of the UIC DNS name in the first 15 bytes of the computer name. This requirement must be followed to avoid NetBIOS name conflicts. The ACCC will not intervene in NetBIOS naming disputes if this requirement is not followed.

It is also required that the same name be used for both the computer DNS hostname and the NetBIOS name. As an example, if the current DNS name is homer.cc.uic.edu, then the NetBIOS name would be UIC-CC-HOMER.
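The naming rule above can be checked before a machine is joined or registered. The following Python script is an added example, not ACCC tooling: it derives the guideline's NetBIOS name from a campus FQDN (the homer.cc.uic.edu to UIC-CC-HOMER case), verifies that the unit portion sits inside the first 15 bytes, and flags names that would collide in WINS because only those 15 bytes are compared. The campus suffix uic.edu and the hyphenated prefix format are assumptions taken from the page's single example.

```python
import re

CAMPUS_DOMAIN = "uic.edu"  # assumed campus DNS suffix, taken from the homer.cc.uic.edu example
NETBIOS_MAX = 15           # NetBIOS computer names are limited to 15 bytes
_NETBIOS_CHARS = re.compile(r"^[A-Z0-9-]+$")


def unit_prefix(fqdn, campus_domain=CAMPUS_DOMAIN):
    """Split a campus FQDN into the guideline's unit prefix and host label.

    homer.cc.uic.edu -> ("UIC-CC-", "HOMER"); raises ValueError for hosts outside the campus.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    campus = campus_domain.lower().split(".")
    if len(labels) < len(campus) + 2 or labels[-len(campus):] != campus:
        raise ValueError(f"{fqdn!r} is not a host inside a unit of {campus_domain}")
    host, unit = labels[0], labels[1:-len(campus)]
    return "-".join([campus[0], *unit]).upper() + "-", host.upper()


def netbios_name_for(fqdn):
    """The NetBIOS name the guideline calls for; the same string is used as the DNS hostname."""
    prefix, host = unit_prefix(fqdn)
    return prefix + host


def check_computer_name(fqdn, proposed, existing_names=()):
    """Return a list of guideline violations for a proposed name; an empty list means it passes."""
    problems = []
    name = proposed.upper()
    prefix, _ = unit_prefix(fqdn)
    if not _NETBIOS_CHARS.match(name):
        problems.append("name may only contain letters, digits and hyphens")
    if len(name.encode("utf-8")) > NETBIOS_MAX:
        problems.append(f"name is longer than {NETBIOS_MAX} bytes; WINS sees only the first {NETBIOS_MAX}")
    # The unit portion must sit inside the first 15 bytes, not merely somewhere in a longer name.
    if not name[:NETBIOS_MAX].startswith(prefix):
        problems.append(f"first {NETBIOS_MAX} bytes must start with the unit prefix {prefix}")
    # WINS compares only the 15-byte form, so two longer names that share it collide.
    wire = name[:NETBIOS_MAX]
    clashes = sorted(n.upper() for n in existing_names if n.upper()[:NETBIOS_MAX] == wire)
    if clashes:
        problems.append("collides in WINS with: " + ", ".join(clashes))
    return problems


if __name__ == "__main__":
    print(netbios_name_for("homer.cc.uic.edu"))  # UIC-CC-HOMER
    # Constructed sample: two file servers whose names only differ after the 15th byte.
    print(check_computer_name("fileserver2.cc.uic.edu", "UIC-CC-FILESERVER2", ["UIC-CC-FILESERVER1"]))
```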

DNS Entries
All computers and servers must have their IP information registered with the ACCC - Networks group. This policy is enforced for all departments on campus including those behind firewalls.

Domain Name Servers (DNS Servers)
Users of a private AD forest must use the IP addresses of their own DNS servers. Clients need to be configured by a local administrator to point to the departmental DNS servers for access to the private AD forest.

DNS zones will not be delegated to private AD forests. Departments will have to configure their clients to rely on the departmental DNS servers exclusively. Active Directory DNS servers must have a registered IP with the UIC Networks group.

PC Security
The recommendations under the security section of this web site must be followed for all machines in the AD forest.

Copyright © 2007 The Board of Trustees of the University of Illinois