<Ninth of Many> Cross-Realm Abatement from John Edward WEBER, IV on 2007-12-13 (Micronet Mail Archive)

From: John Edward WEBER, IV <johnweber_at_berkeley.edu>
Date: Thu, 13 Dec 2007 13:25:04 -0800

Fellow CalNetAD Admins and Micronetters,

My apologies for the cross-posting, but I wanted to reach anyone who has
somehow missed our previous eight communications. This notice is for OU
Administrators of the CalNet Active Directory Service.

The deadline is quickly approaching! If you haven't started to test the
GPO in your environment, please do so as soon as possible.

This is a reminder that the CalNetAD team will not be supporting
cross-realm authentication with the MIT KDC (BERKELEY.EDU) after January
7, 2008. A domain wide GPO (Campus - Remove BERKELEY.EDU cross-realm)
is available to remove Windows 2000/XP registry keys that point to the
MIT Kerberos Realm. OU administrators should start to test this GPO in
their environment as soon as possible, as OU administrators are expected
to apply this GPO to their OU structure prior to January 7.
Instructions detailing how to link to this GPO are available at:

http://calnetad.berkeley.edu/documentation/crossrealm/crossrealm.html

Most importantly, OU administrators will need to educate their user
population in regards to user credentials:

    * The "BERKELEY.EDU (Kerberos Realm)" drop down in the Windows logon
GUI will no longer be present
    * "username_at_BERKELEY.EDU" will still be valid, however
    * Users can also select "CAMPUS" from the drop down menu, or can
type calnetid_at_CAMPUS.BERKELEY.EDU

Non-joined machines with registry modifications that point to the MIT
KDC will need changes as well. Below is a link to a registry script
that can be run (under an administrator context) to perform this
cleanup.

http://calnetad.berkeley.edu/documentation/scripts/norealm.reg

After January 7, student employees will no longer be able to access
CalNetAD resources with his/her employee ID. However, his/her CalNetID
(student ID) will still work.

Your assistance is greatly appreciated. Please contact us if you have
any questions.

Thanks,

John E. Weber
Microsoft Certified Systems Engineer
Infrastructure Services - OneIST
Campus Active Directory Architect, CalNet Active Directory
University of California, Berkeley
johnweber_at_berkeley.edu
2195 Hearst Avenue, #300B-07
(510) 847-9756
http://windows.berkeley.edu

-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Received on Thu Dec 13 2007 - 13:25:22 PST

This archive was generated by hypermail 2.2.0 : Thu Dec 13 2007 - 13:25:22 PST