How should your school be managing its Active Directory

Standard

So far in our series of best practice implementation for your school network we have had a look at how to use the administrative accounts securely, service accounts, computer naming schemes and server naming schemes.  Over the next few posts we are going to look into Active Directory, Exchange and then SQL Server and how we can make some simple changes to the structure that can help your job a lot easier in supporting the users and managing your environment.

In this post we are going to look at Active Directory and I already know that a lot of you are going to see this post and think ‘doesn’t everyone already do this’.  You’ll be surprised in the number of ICT Support team who implement this simple Active Directory structure for there school and then keep it up to date.

There are 3 main different types of objects for you to manage for your school.  These are users, groups and computers.

Users

I’ve seen some very well implemented and up to date Active Directory and I’ve also seem some that have no implementation through at all and the update ones also have the right structure to support their user base.  I connected to a school recently that kept all their users in the built in User Organisation Unit in Active Directory with all their groups.  The school was around 1,100 students and they had over 3,000 accounts.

The best way to separate your users is to use Organisational Units also know as OUs, they have been designed for you to separate your organisation into what ever structure that suits you.

I always start with a top level Organisation Unit that is the school name or some kind of Prefix of the school.  I now know that everything is below this OU and I can easily find it.

Create 3 new OUs called Users, Groups and Computers.

image

In any school we have teachers and students, again separate these by create to new OUs under Users.  You may also have other users in your network to all parents/family members and governors, create an OU for each of these.

image

You can separate your staff into different organisation if you want such as teaching staff, admin staff for example but that’s for you to decide and how you want to manage those groups.  For now we’ll continue with students.

We now need to split our students into different OUs which will be the year they join the school in year 7.  This is most common in schools I visit.  When a new students starts in Year 9 they are still added to the OU that presents the year they would have started in Year 7.  Create an OU for each year group.

image

Groups

You may think there are only a few groups needed in your school and depending on the other services you offer in the school you may be right but we still need to manage these.  Under your Groups OU you will want to create OUs to separate students groups and teaching groups such as departmental groups so each department have a group, each year will have a group and of course an all staff group.

image

Your All Student groups doesn’t have to have each student in it.  Instead add all the year groups in instead so you only have to manage one group for each user instead of two.

SNAGHTML672b3d5

Computers

Groups Policies play an important part in your security and configuration of your network.  Some use it to deploy software to computers but to do this you need to be able to manage licenses so creating OUs for each classroom can help.  Consider this part to be a break down of your school by location.  If you have two builders start off with these and break it down to floors and rooms.

image

 

3rd Party Tool

I’m very proud to have worked with SalamanderSoft in the past on the Learning Gateway Conference.  They have a tool that can manage all this for you, create security groups based on your timetable and add and remove students and staff as and when they leave the school.  I highly recommended this product. http://www.salamandersoft.co.uk/.  The product doesn’t do Computers but it will save you a lot of time with managing user accounts and groups.

eBook:Moodle 2.0 with Microsoft Technologies

Standard

A month or two ago I thought about all the content there is currently available on the internet regarding Moodle 2.0 and Microsoft technologies.

There this isn’t very much so I’ve spent the last month or two writing and writing and writing putting together an ebook together looking at 7 different areas.  The book is available in 3 different formats PDF, epub and mobile.

You can purchase the book from the BFC Networks Shop at £15.00 by clicking on the image below.

FrontPagePreview

http://www.bfcnetworks.com/products-page/moodle/ebook-moodle-2-with-microsoft-technologies/

  • Chapter 1: Install Moodle 2.0 on Windows Server, SQL Server Express, IIS and PHP
  • Chapter 2: Install Moodle 2.0 on 2 web front ends, SQL Server Cluster with IIS and PHP
  • Chapter 3: Configuring mail in Moodle 2.0 with Microsoft Exchange
  • Chapter 4: Configuring Moodle 2.0 authentication with Active Directory
  • Chapter 5: Configuring Active Directory Attributes for Moodle users
  • Chapter 6: Configuring Kerberos authentication for Moodle 2.0
  • Chapter 7: Configuring Single Sign On with Moodle 2.0

Can you view the content of the book by clicking here

Learning PowerShell: Part 2

Standard

In my previous post I looked at some of the very basics of PowerShell but now its time to create some scripts.

I’m always building new virtual machines on my laptop and I’m fed up having to add IP Address and how I have click so many times to add this and type in a new computer name.

So thought PowerShell can solve this problem for me.

The first issue I had was that there are some security issues to stop you from just running scripts that change computer settings like this.  First run the command before to change the execution policy on your computer.  You then have to confirm that you want to do this.

   1: Set-ExecutionPolicy Unrestricted

image

Firstly I want the script to prompt me what computer name I want and then the different IP settings for the server.  I type in $NewName=Read-Host “Computer Name”.  If we break this down a little you’ll see the different settings you’ll need for your script.

The $NewName is your variable to store what you have typed.  Later in your script where you type $NewName it will be replaced with what you type when you were prompted.  Where you can see “Computer Name” is the text that will show up on screen as the descriptions of your prompt.

If we run this simple command below it will prompt me for the new computer name and then display it on the screen

   1: $NewName=Read-Host "Computer Name"

   2: echo $NewName

image

Here on the 3rd line you can see it has displayed what we typed when prompted.

To actually change the computer name we need to run 2 lines of PowerShell in our script.

Have a look at the code below and you will notice on the second line it has $newname which is from the prompt earlier.

   1: $ComputerInfo = Get-WmiObject -Class Win32_ComputerSystem

   2: $ComputerInfo.Rename($NewName)

When adding this to what we already have we the script will change the computer name to what we were prompted.  The computer will then change name after a restart.

A new command line tool that I have started to use in recent weeks since I started looking at Window Server 2008 Core is netsh.exe.  Netsh allows you to control the behaviour of the networking on your windows device.  I change change the IP Address, change the name from Local Area Connection to what ever you want it to be.  I can also change the firewall settings as well.

We’re going to add a few more prompts for the IP Address, Subnet Mask, Default Gateway and DNS Server and these will be used during the netsh commands.

All together we have 3 netsh commands in this script, one will set the IP, Subnet and Default Gateway, one will set the DNS Server and other will turn the firewall off (in my development areas I turn my firewall off).

Below is the full script to change the computer and it will have ask for prompts and add the right information into the script.

   1: #Prompts

   2:

   3: $NewName=Read-Host "Computer Name"

   4:

   5: $addres=Read-Host "Please state the IP Address"

   6: $subnet=Read-Host "Subnet"

   7: $defag=Read-Host "Default Gateway"

   8: $dns=Read-Host "DNS"

   9:

  10: #Change Computer Name

  11:

  12: $ComputerInfo = Get-WmiObject -Class Win32_ComputerSystem

  13: $ComputerInfo.Rename($NewName)

  14:

  15:

  16: #IP Address

  17:

  18: netsh int ipv4 set address "Local Area Connection" static address=$addres mask=$subnet gateway=$defag gw=1

  19: netsh int ipv4 set dnsserver "Local Area Connection" static $dns

  20:

  21: netsh firewall set opmode disable

  22:

  23: restart-computer

Introduction to the Microsoft Learning Gateway

Standard

The Microsoft Learning Gateway (MLG) consists of many products from Microsoft from Windows Operating Systems to the Office System.  SharePoint is a product that is required to make up the MLG but other products that can be added, these are not necessary to make up your MLG.

What does Microsoft say on the Learning Gateway?
“The Learning Gateway from Microsoft is a solutions framework that helps improve education by integrating the tools you already use and putting them to work connecting people with the information and processes they need to teach and learn more effectively. “

It’s all about using Microsoft technology in teaching and learning.  How it is used depends on the school/college/university and the processes within the school.

What products does it include?
Well it could be any of the Microsoft products – it depends on how you use it in teaching and learning.  SharePoint is the main product as it can deliver content to the pupil through a web page but here is a possible list.  Learning Gateway Version 3 includes the below list but you can use previous versions as they can be integrated as well.

ú         Windows 2003 Server

o   All products are installed on the latest Windows Server technology

o   www.microsoft.com/windows2003/ 

ú         Active Directory

o   AD is used as the log on service for all users

o   www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/ 

ú         SQL Server 2005

o   The database server used for SharePoint, SharePoint Learning Kit as well as other products

o   www.microsoft.com/sqlserver/

ú         Exchange 2007

o   Email Service for all pupils/staff

o   www.microsoft.com/exchange

ú         Office Communications Server 2007

o   Instant messaging including voice and webcam services

o   office.microsoft.com/en-us/communicationsserver/

ú         SharePoint 2007

o   Main delivery point of content through a web page

o   www.microsoft.com/sharepoint/

ú         SharePoint Learning Kit

o   Microsofts Virtual Learning Environment solution

o   www.codeplex.com/slk

ú         Internet Accelerator and Security 2006

o   Firewall protection

o   www.microsoft.com/isa

ú         Microsoft Learning Gateway Web Parts/Templates for SharePoint 2007

o   www.codeplex.com/lg

Client Software 
You can use previous version but for full functionality for the above products you need.

ú         Windows XP/Vista

o   Client OS

o   www.microsoft.com/windowsxp/

o   www.microsoft.com/windowsvista/

ú         Office 2007

o   Microsoft Office system including, Word, Excel, PowerPoint, Outlook (not necessary for Exchange 2007), Publisher, Access, InfoPath, Groove, OneNote.

ú         Internet Explorer 7.0

The extent of the Microsoft Learning Gateway is never ending.

I would like to blog somewhere else for the Microsoft Learning Gateway as it is more than just sharepoint.  Can anyone recommend anywhere?

You thoughts and views are always welcome.