Skip Ribbon Commands
Skip to main content
Sign In
Last modified at 5/12/2015 9:43 AM by Kevin Burney Windows System Admin

CalNetAD Design


UC Berkeley has extended the CalNet System to include integration with Microsoft Windows Active Directory (AD), bringing CalNet services for single sign-on and directory information to Windows computers on campus. AD is Microsoft's implementation of a unified directory service and authentication system for Windows-based computers. In many ways, AD is like CalNet itself, using many of the same technologies as CalNet to form a basis for the AD system. Because AD uses common standard technologies like LDAP3, DNS, and Kerberos 5, we are more easily able to integrate AD into the CalNet system and existing campus DNS infrastructure.

The CalNet Active Directory (CalNetAD) is a campus-wide service provided by IST-IS. There are no charges for the CalNetAD service. University departments typically participate by becoming an Organizational Unit (OU) within the CalNeAD forest. Since departmental system administrators are given full control of all objects within their OU, it is no longer necessary for departments to maintain their own Windows Domain infrastructure as a security boundary. This can lower a department's overall computing costs by reducing the staff time and equipment required to maintain Windows domain controllers. In CalNetAD, a department can maintain complete control and security over the computing services within its OU by using group policy Access Control Lists (ACLs) and security groups. Departmental system administrators can prevent access to sensitive departmental information by anyone without permission.