Contact Us

Kevin Vaccaro
Phone: 773-702-6198
vac1@uchicago.edu

Home > Documentation > UCAD > UCAD Governance > AD Administrators Group Charter

AD Administrators Group Charter

UCAD Home | Glossary | Policies | Diagram | Support for Administrators | Governance

Click here for a printable version of this document.

AD Administrators Group Charter

12 July 2004

Mission

The AD Administrators Group determines operational standards for the University of Chicago Active Directory forest (UCAD) in support of the interests of the University of Chicago as a whole. They ensure that upgrades and extensions to operational elements proceed in an orderly and thoughtful manner, determine best practice to be followed by all domain administrators, determine advisory operational guidelines for OU administrators, and are responsible for ensuring the continued adherence to security and operational standards of all elements of the UCAD infrastructure.

Authority

Most daily domain maintenance activity within UCAD will be undertaken by domain or enterprise administrators autonomously, under the authority of their own division, school, or operating unit, and mostly without the need to coordinate with the AD Administrators Group. However, the AD Administrators Group determines baselines and guidelines for certain normal operational activities that its members must adhere to. These are:

  • Setup a new member server for the domain.
  • Administration of domain local user accounts.
  • Creation and delegation of global groups.

The AD Administrators Group is also authoritative for:

  • Operational plans implementing changes to UCAD that are required by the AD Steering Group.
  • Determination of training or other professional prerequisites that candidate members must meet before assuming membership in the AD Administrators Group.

Responsibilities

  • Oversee the planning and execution of the addition of a new domain to UCAD or removal of an existing one.
  • Oversee the planning and execution of the addition or removal of a trust relationship between UCAD and a security realm external to UCAD.
  • Oversee the planning and execution of any extensions to the UCAD forest schema.
  • Keep abreast of new or upgraded technologies and best practices that may significantly improve UCAD infrastructure or operating procedures.
  • Prepare recommendations to the AD Steering Group on proposed changes to UCAD domain structure, external trusts, forest schema extensions, or on any potentially substantial change to the technologies that constitute the UCAD infrastructure.
  • Periodically review, update, and promulgate minimum operational standards for configuration and operation of any UCAD member server.
  • Periodically review, update, and promulgate minimum operational standards for domain local user accounts.
  • Periodically review, update, and promulgate guidelines for creation and delegation of global groups.
  • Periodically review, update, and promulgate advisory operational guidelines for OU administrators.
  • Circulate Requests for Comments on proposals that impact the operational authority that may be granted to OU administrators. RFCs should be circulated to the general University of Chicago technical support community by the best means available. RFCs should clearly indicate the manner and timeframe within which responses will be collected.
  • Facilitate access by identified persons representing the security or legal interests of the University of Chicago to security, event, and audit log entries produced by a UCAD member server. Ensure that no other access to security, audit, or event logs for any UCAD server or service is granted except as required for normal operations.
  • Liaise with and report to the AD Steering Group by ensuring that the AD Administrators Group Chair, Vice-Chair, or other member (listed in order of preference) attends each meeting of the AD Steering Group.

Membership

All persons who can exercise the privileges of Domain Administrators or Enterprise Administrators within UCAD must belong to the AD Administrators Group. Membership status for persons in transition with regard to these privileges will be determined on a case by case basis by the AD Administrators Group. Membership may also be contingent on meeting specified training requirements or other professional preparation as determined by the AD Administrators Group.

AD Administrators Group members have a great deal of responsibility for the operational integrity of substantial information technology assets of the University of Chicago. This level of trust obliges its members to act in the best interest of the University of Chicago as a whole. That is, the good of the University outweighs the good of one of its units. Failure to demonstrate this level of trust and perspective are grounds for removal from membership and, consequently, loss of domain or enterprise administration privileges. The AD Steering Group has the authority to remove a member from the AD Administrators Group for this cause.

Decision Making

The AD Administrators Group will elect a Chair and a Vice-Chair to each serve one-year terms. The Chair is responsible for maintaining the agenda, calling formal meetings, and being the liaison with the AD Steering Group. The Vice-Chair will become Chair at the end of the Chair's term, and will in other respects act as the Chair in their absence.

Formal meetings of the AD Administrators Group will occur once each month unless there is no business pending. Formal meetings may be called at other times as may be needed. Formal meetings should be announced to the general University of Chicago technical support community using the best means available. Email-based, virtual, or face to face informal meetings may occur at any time.

The operational standards, advisory guidelines, implementation plans, etc, produced by the AD Administrators Group in exercise of its responsibilities should represent a concensus of its members. Should a concensus fail to be achieved, competing options must be presented to the AD Steering Group, who will attempt to help the AD Administrators Group come to a concensus. If concensus remains unachievable, the AD Steering Group has the authority to resolve the failure of concensus by choosing one of the competing options.

Any impasse to the satisfactory operation of the AD Administrators Group will be resolved by referring the matter the AD Steering Group.


Return to UCAD Governance

Last updated: 6/6/07