In the early days of Active Directory and other Windows server products, Microsoft seemed to be betting the farm on the idea that enterprise networks would rely solely on Windows-based technologies for all aspects of their infrastructure. This quickly proved to be far from accurate, however, as it became clear that even moderate-sized networks often need to interoperate with non-Microsoft line of business applications and heterogeneous operating systems on both the server and client sides.
In order to be considered a viable option for an enterprise network, AD needs to be able to provide a way to integrate and interoperate with a multitude of technologies, including those that run on the Windows platform and those that rely on UNIX, Linux or other third-party or open-source operating systems.
A common example of this need for interoperability is an organization that wants to deploy Active Directory but that is committed to an existing UNIX BIND DNS infrastructure. While much of the documentation that you'll find on AD assumes that you're working in a pure Windows 2000 or 2003 DNS environment, most of the DNS features that you'll need to support AD installations are available with all modern DNS implementations. As long as you're running a recent version of the BIND DNS software, it will be a relatively simple matter to integrate your Linux DNS with 2000 or 2003 AD. You can either use your existing BIND servers to support your AD deployment, or you can delegate a portion
Another component of Windows that improves its interoperability is Windows Services for UNIX (SFU), which is freely downloadable from the Microsoft Web site (an expanded version of this is built into the upcoming "R2" release of Windows Server 2003). You can use SFU to allow your Windows clients to access resources on UNIX servers or your UNIX clients to access Windows-based resources, both without needing to install additional software on your UNIX hosts. SFU also allows you to map UNIX user names to Windows SIDs and vice versa, allowing your users to come closer to the elusive "single sign-on" experience.
You even have the ability to synchronize two completely separate directory services so that user information can be updated seamlessly in multiple locations, whether you're talking about multiple Active Directory forests or synchronizing AD with a third-party application or service, including SAP, PeopleSoft, and Lotus Domino.
The Microsoft Identity Integration Server (MIIS) allows you to create connection agreements between many different data stores so that user information and passwords can be maintained across the enterprise. MIIS currently comes in two versions. The Identity Integration Feature Pack (IIFP) is a free download but can only synchronize information within Active Directory itself, Active Directory Application Mode (ADAM), and Microsoft Exchange 2000 and 2003. If you need to integrate with other data sources, including Exchange 5.5, you'll need the full-blown paid version of MIIS which allows for synchronization with a much wider range of data sources.
10 tips in 10 minutes: Windows IT management
Tip 1: The long-range plan for 64-bit hardware
Tip 2: A Window into interoperability
Tip 3: Third-party software: Do you need it?
Tip 4: Buy 64-bit now; you won't regret it
Tip 5: Maintaining a secure Active Directory network
Tip 6: Firewalls can help or hurt, so plan carefully
Tip 7: Weak passwords can make your company vulnerable
Tip 8: Keys to finalizing your Active Directory migration
Tip 9: Network safety relies on reaction time to Patch Tuesday
Tip 10: Make friends with your security auditors
Laura E. Hunter (CISSP, MCSE: Security, MCDBA, Microsoft MVP) is a senior IT specialist with the University of Pennsylvania, where she provides network planning, implementation, and troubleshooting services for business units and schools within the university. Hunter is a two-time recipient of the prestigious Microsoft "Most Valued Professional" award in the area of Windows Server-Networking. She is the author of the Active Directory Field Guide (APress Publishing). You can contact her at email@example.com.