Service News

A log of recent maintenance and service changes to the UIUC Active Directory


7-Sep-07 AD-DC-P2 Hard Drive Replacement
On 9/7/07 at 6am a defective hard drive was replaced on the AD-DC-P2 domain controller.

31-Aug-07 AD-DC-P2 Integrated Lights Out Management (iLO) Change
The following changes were made to the AD-DC-P2 iLO service:
- Service restored to iLO IP address 172.21.140.131
- DHCP placeholder created on Sparta server for this entry so no hijacking of IP may occur

31-Aug-07 Windows Firewall Change on Domain Controllers
The following changes were made to the SCW profiles:
- Addition of the newly created UIUC-CITESBDC-NET vlan to Ports 135, 5101, and ports used by NetLogon
- Addition of 128.174.196.129 AD-DC-P2 IP address to port 5102 for AD DC replication
- Removal of old DS User Services IP address for AD-DC-P1 from port 5102 for AD DC replication

31-Aug-07 Scheduled Patching
The following hotfixes were applied to all domain controllers: 921503, 932596, 933360, 933579, 936021, 936782, 937143, 938127, and the IE 7.0 Browser.

24-Aug-07 AD-DC-P1 Domain Controller IP Address Change
At 5:00am on 8/24/2007, the AD-DC-P1 domain controller was moved from the uiuc-usersrv-net to the new uiuc-citesdc-net address (128.174.5.141). Campus DNS and AD DNS have been updated to reflect this change.

17-Aug-07 AD-DC-P2 Domain Controller IP Address Change
At 5:00am on 8/17/2007, the AD-DC-P2 domain controller was moved from the uiuc-citesdc-net to the new uiuc-citesbdc-net address (128.174.196.129). Campus DNS and AD DNS have been updated to reflect this change.

13-Aug-07 Windows Firewall Change on Domain Controllers
Added the 128.174.196.0/255.255.255.0 address range to all three domain controller firewalls. Also added to port 5102 the new IP address of the ad-dc-p2 domain controller, 128.174.196.129, which will take effect on 8/16/2007 at 5:15pm.

27-Jul-07 Domain Controller SSL Certificates Renewed
The Thawte SSL certificates on both ad-dc-p1 and ad-dc-p2 were renewed for secure LDAP connections.

14-Jul-07 Scheduled Patching
The following hotfixes were applied to all domain controllers: 926122, 926365, 928366, 936357.

1-Jul-07 Scheduled Patching & Windows Firewall Change on Domain Controllers
The following hotfixes were applied to all domain controllers: 927891, 929123, 933566, 935839, 935840. Also the 72.36.61.0/255.255.192.0 subnet was added to the firewall to allow access.

6-Jun-07 DNS Scavenging
The ad.uiuc.edu DNS zone on P1 and P2 has been modified. Scavenging has been set at 7 days; this will facilitate the deletion of old machine accounts in DNS.

19-May-07 Service Change
A change was made to the registry of AD-DC-P1.ad.uiuc.edu and AD-DC-P2.ad.uiuc.edu in order to unblock RPC access to DNS running on those servers. This registry entry was a workaround until Microsoft could release a permanent hotfix to correct the security vulnerability. The permanent hotfix was applied on 5/19/07 to both DCs.

19-May-07 Scheduled Patching
The following hotfixes were applied to all domain controllers: 925876, 931768, 934268, 935966.

2-May-07 Scheduled Patching
The following hotfix was applied to all domain controllers: 934238.

20-Apr-07 Windows Firewall Change on Domain Controllers
All 3 DCs were reconfigured using SCW to add the new subnet 72.36.93.0/24 for Research Park.

15-Apr-07 Scheduled Patching and Installation of Windows Server 2003 Service Pack 2
Win2k3 SP2 was installed on all domain controllers. The following 3 hotfixes were applied to all domain controllers: 925902, 930178, 932168.

15-Apr-07 DNS RPC Registry Edit to Block Access
A change was made to the registry of AD-DC-P1.ad.uiuc.edu and AD-DC-P2.ad.uiuc.edu in order to block RPC access to DNS running on those servers. This is in response to Microsoft security alert (935964), described in the bulletin "Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution". The bulletin also describes the changes made to the registry. The workaround will be removed once an official patch is released.

22-Mar-07 Change to Campus Accounts OU Access Control List (ACL)
The following ACLs were modified: removed "Authenticated Users" - Read access, added "Authenticated Users" - List Contents, added "Windows Authorization Access" - Read.

26-Feb-07 Additional Attribute indexing for Mac OS X
The following AD attributes have been indexed for LDAP searches: macAddress, Attribute-ID, Attribute-Syntax, Governs-ID.

26-Feb-07 Schema Extension for BitLocker in Vista
Schema mod and permission changes for BitLocker have been performed as outlined here: AD & Bitlocker

1-Jan-07 macAddress attribute now Optional in Computer Class
The macAddress attribute is now an optional attribute of the computer class. This change was made based on recommendations from Apple to better support OSX systems in AD. Also note that the previous indexing of this attribute should no longer be considered temporary.