A Window into interoperability

Expert Laura E. Hunter explains the need for interoperability in Active Directory for networks running on Windows and non-Windows platforms.

In the early days of Active Directory and other Windows server products, Microsoft seemed to be betting the farm on the idea that enterprise networks would rely solely on Windows-based technologies for all aspects of their infrastructure. This quickly proved to be far from accurate, however, as it became clear that even moderate-sized networks often need to interoperate with non-Microsoft line of business applications and heterogeneous operating systems on both the server and client sides.

In order to be considered a viable option for an enterprise network, AD needs to be able to provide a way to integrate and interoperate with a multitude of technologies, including those that run on the Windows platform and those that rely on UNIX, Linux or other third-party or open-source operating systems.

A common example of this need for interoperability is an organization that wants to deploy Active Directory but that is committed to an existing UNIX BIND DNS infrastructure. While much of the documentation that you'll find on AD assumes that you're working in a pure Windows 2000 or 2003 DNS environment, most of the DNS features that you'll need to support AD installations are available with all modern DNS implementations. As long as you're running a recent version of the BIND DNS software, it will be a relatively simple matter to integrate your Linux DNS with 2000 or 2003 AD. You can either use your existing BIND servers to support your AD deployment, or you can delegate a portion of your DNS infrastructure to be run by your AD administrators to let your clients take advantage of certain Windows DNS-specific features such as AD-integrated DNS zones and secure dynamic updates.
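As an added example (not part of the original article): a BIND zone that backs an AD domain has to carry the SRV locator records that domain controllers register, so a quick audit of the zone file is a useful pre-deployment check. The Python sketch below does that; the domain `corp.example.com`, the sample zone and the record list (a single-domain forest, site-specific records omitted) are assumptions.

```python
# SRV owner names (relative to the AD DNS domain) that domain controllers
# register. Assumes a single-domain forest; site-specific records are omitted.
REQUIRED_SRV = [
    "_ldap._tcp", "_kerberos._tcp", "_kerberos._udp",
    "_kpasswd._tcp", "_kpasswd._udp", "_gc._tcp",
    "_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs",
]

# Constructed sample zone file, not taken from a real deployment.
SAMPLE_ZONE = """\
$ORIGIN corp.example.com.
$TTL 600
@                          IN NS  ns1
dc1                        IN A   192.0.2.10
_ldap._tcp                 IN SRV 0 100 389 dc1
_kerberos._tcp         600 IN SRV 0 100 88 dc1
_kerberos._udp             IN SRV 0 100 88 dc1
_ldap._tcp.dc._msdcs       IN SRV 0 100 389 dc1
                           IN SRV 0 100 389 dc2 ; blank owner repeats the previous name
_gc._tcp.corp.example.com. IN SRV 0 100 3268 dc1
"""

def srv_owners(zone_text, origin):
    """Return the fully qualified, lower-cased owner names that have SRV records."""
    origin = origin.lower().rstrip(".") + "."
    owners, last = set(), None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].lower().rstrip(".") + "."
            continue
        if line.startswith("$"):                  # $TTL and other directives
            continue
        fields = line.split()
        if not line[0].isspace():                 # line starts with an owner name
            name = fields.pop(0).lower()
            last = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        # After the owner, the type is preceded by at most a TTL and a class.
        if last and "SRV" in (f.upper() for f in fields[:3]):
            owners.add(last)
    return owners

def missing_ad_records(zone_text, domain):
    """List the required SRV names (relative to domain) absent from the zone."""
    base = domain.lower().rstrip(".") + "."
    have = srv_owners(zone_text, base)
    return [n for n in REQUIRED_SRV if f"{n}.{base}" not in have]

if __name__ == "__main__":
    print("missing:", missing_ad_records(SAMPLE_ZONE, "corp.example.com"))
```
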


Another component of Windows that improves its interoperability is Windows Services for UNIX (SFU), which is freely downloadable from the Microsoft Web site (an expanded version of this is built into the upcoming "R2" release of Windows Server 2003). You can use SFU to allow your Windows clients to access resources on UNIX servers or your UNIX clients to access Windows-based resources, both without needing to install additional software on your UNIX hosts. SFU also allows you to map UNIX user names to Windows SIDs and vice versa, allowing your users to come closer to the elusive "single sign-on" experience.

You even have the ability to synchronize two completely separate directory services so that user information can be updated seamlessly in multiple locations, whether you're talking about multiple Active Directory forests or synchronizing AD with a third-party application or service, including SAP, PeopleSoft, and Lotus Domino.

The Microsoft Identity Integration Server (MIIS) allows you to create connection agreements between many different data stores so that user information and passwords can be maintained across the enterprise. MIIS currently comes in two versions. The Identity Integration Feature Pack (IIFP) is a free download but can only synchronize information within Active Directory itself, Active Directory Application Mode (ADAM), and Microsoft Exchange 2000 and 2003. If you need to integrate with other data sources, including Exchange 5.5, you'll need the full-blown paid version of MIIS, which allows for synchronization with a much wider range of data sources.




Laura E. Hunter (CISSP, MCSE: Security, MCDBA, Microsoft MVP) is a senior IT specialist with the University of Pennsylvania, where she provides network planning, implementation, and troubleshooting services for business units and schools within the university. Hunter is a two-time recipient of the prestigious Microsoft "Most Valued Professional" award in the area of Windows Server-Networking. She is the author of the Active Directory Field Guide (APress Publishing). You can contact her at laurahcomputing@gmail.com.
