Active Directory unification is underway across our campus environment, and it's a good time to clarify some policies and standards.
Current administrators of an Active Directory domain in colleges, divisions, & departments (as well as all Technology Services IT professionals) should be aware of the following policy & standard clarifications from the IT Security & Risk team:
- The office of the CISO must approve the creation of any new one-way or two-way trusts between the AUTH or ADS domain and another domain.
- One-way trusts are always given preference. Two-way trusts are not necessary in most cases.
- Any new trust must be associated with an active project led by the Project Management office and will only be approved for the purpose of transitioning services and users from a legacy domain into AUTH.
- Absolutely no new Active Directory domains should be created from this point forward.
Please reach out to security@tamu.edu if you have questions or concerns.
- IT Security & Risk Team