MEC 2001, ORLANDO, Fla. - Active Directory (AD) is a popular feature of Windows 2000, and Microsoft is actively directing user feedback back to Redmond to improve AD.
Microsoft learned a thing or two about AD from its deployments, said Stuart Kwan, group product manager for Active Directory. One notable lesson was that non-technical issues are often more problematic than purely technical ones.
To begin with, deployment requires a paradigm shift in thinking "not a weekend of looking over a book," Kwan said. There are also "political" issues because deploying AD requires different groups to work together, such as Windows and DNS groups.
On the technical side, potential group replication collisions are possible. Replication creation can also take a long time. Some migration tools have been missing, Kwan said. Out-of-the-box monitoring is also needed.
Kwan added that better reference material is being written, notably a document on best practice operations due early next year. The material will have sections that "if something goes wrong, then do this."
Microsoft has some first-hand knowledge about deploying Active Directory. The company deployed it before shipping Windows 2000. It was able to reduce child domains from 433 to 14 and trusts between servers from 5,000 to 13.
With .Net, however, users will be able to deploy Global Catalogs in remote locations. Users will no longer have to log in the Global Catalog each
Microsoft is also looking at some improvements beyond .Net. One goal is to simplify Active Directory operations so more users can use it. Another is to address multi-forest directories, which will become ever more important as companies merge. Ultimately, directories can be linked using Microsoft Passport as the authenticator, Kwan said.
FOR MORE INFORMATION ABOUT ACTIVE DIRECTORY:
SearchWin2000's Featured Topic section.
SearchWin2000's Best Web Links
SearchWin2000's Active Directory Forum
Got questions about Win2k migration? Go to searchWin2000's Ask the Expert section and query Paul Hinsberg.