
Active Directory: Is this what network managers have been waiting for?

The major complaint of network administrators, ever since networks became a necessary reality, is that there are too many directories and too much data to manage capably, too many domains to create, too many users to identify by password and site, and too many applications to ride herd on.

While some independent software vendors (ISVs) have tried to provide solutions, none of them appear to have met the needs of administrators to their satisfaction. According to several industry experts, Active Directory, one of the most highly anticipated features of Windows 2000, is the product that finally pulls it all together. However, Active Directory has its limitations, say those same experts, roadblocks Microsoft will have to clear before the product can live up to the hype surrounding its introduction in February.

What does Active Directory do?

Active Directory is a feature within Windows 2000 that is designed to transform a disorganized vault of information, including individual user names, sites and passwords, into an organized filing system that can be rearranged at will into various groups and domains as circumstances dictate.

In addition, Active Directory multiplies the filing system contents, replicating directory database information throughout all its locations, allowing one server to perform in lieu of another if a failure occurs.

Specifically, all user information is kept in the directory, which is partitioned, split into chunks and replicated on various computers throughout the network. On the downside, that requires more storage space, but disks are inexpensive and becoming more so. The primary advantage, according to users, is that the central data repository is broken up into small pieces, which can be split up among multiple PCs.

Active Directory also can make copies of pertinent data, placing copies at various places, so users can log in to the directory in an area closer to them. That serves as a redundant failsafe system.

"Active Directory will minimize the number of directories users need," said Microsoft's Peter Houston, group program manager for Active Directory. "We're shipping a lot of interoperative capability in Active Directory, and we're doing this because so many customers have so many directories. Now they can deploy the fewer they do need with a lot less friction."

Basically, Active Directory increases functionality in three areas, Houston said. "First, as an umbrella, Active Directory is an integrated part of Windows 2000, where other (network management systems) on the market are independent of the operating system. Active Directory is designed to be a backbone technology of Windows 2000, when set up with a Windows 2000 domain controller." Houston said Active Directory provides greatly simplified network management, compared with NT 4.0.

Active Directory also provides a security focal point for Windows 2000 and expands what it can do, versus other operating systems, particularly in terms of Internet utilization for secure information exchange, Houston said.

Active Directory's third area of capability is as a platform for other directory-enabled functions, such as deploying applications across groups of users, while shifting responsibility for maintenance, and for such problems as forgotten passwords, away from the help desk to the immediate supervisor with Active Directory responsibility.

"Once a user has deployed Active Directory, it will become an easy way to leverage into other things. I think people will want to expand on it," said Houston.

Active Directory is an idea whose time has come, said Gil Kirkpatrick, director of engineering for Scottsdale, Ariz.-based NetPro Computing Inc., an independent software vendor that develops programs that enhance network management software. Kirkpatrick is also the author of a book on programming for Active Directory.

According to Kirkpatrick, the basic concept is that a lot of network configuration and policy information in pre-directory networks exists in random places: names and passwords in one location, access rights somewhere else, and the names and locations of servers and PCs likely elsewhere again.

"The problem is that all of this network information is scattered about in different ways," he said.

As a global network directory, Active Directory centralizes that information for several purposes: to make it easier to manage a large network, reduce costs, simplify administration and increase reliability, said Kirkpatrick. It also provides for scalability, allowing users to build bigger networks (NT 4.0's total capacity was 40,000 objects, while Active Directory is infinitely expandable) and improve performance. "That is what Active Directory is supposed to accomplish," he said.

Active Directory in practice

Among large-scale users is Wells Fargo Bank, which has standardized on Windows 2000 Server and Active Directory for the company's directory, file and print infrastructure, as well as its platform for applications and Web services. The system is enhancing performance time within the Wholesale Banking Group.

"With Active Directory, we were able to design a directory around our business architecture," said Patrick Collins, vice president and engineering manager of the Wells Fargo business group.

"Our evaluation shows that because Active Directory is integrated with our messaging system, our users have fewer passwords to remember, which leads to reduction of support costs, and allows us to consolidate our applications and the majority of our networking infrastructure onto a single platform to drive down management costs," Collins said.

But Active Directory's very upward scalability has raised questions as to whether smaller network users could benefit from the system's advantages. Michael P. Hiatt, research group manager for the Cooperative Institute for Research in the Atmosphere, at the Fort Collins campus of Colorado State University, had just those doubts. It looked like a lot more capability than he needed. "Our initial investigation showed that Active Directory acted as a domain controller.

"I wasn't aware of what it brought to the table then, and it seemed extremely complicated," said Hiatt. "But we found that Active Directory just runs in the background and is not complex to install. Literally, with Installation Wizard, we had it up on the machine and running as a backup domain controller in 15 minutes. It was not a big deal."

Initially, Hiatt said he had understood Active Directory was intended for large corporations with many worldwide remote sites, and it appeared Active Directory expanded on the domain model.

"We have just 150 workstations in our network. With a single domain and a single site, it seemed we wouldn't need Active Directory, but as a single domain site, it was extremely simple," Hiatt said.

"Administratively, we want to be able to handle network accounts and networks from a single place. Under NT 4.0 we had been using (multiple) domain controllers from day one. Now it's all being done on our two primary servers. Active Directory does what we had always wanted NT 4.0 to do."

"There's no question Active Directory is the key component and most significant change from NT 4.0." But Hiatt also notes that the initial negative impression of Active Directory represents a stumbling block for many in terms of giving Active Directory consideration.

"The biggest downside is that it is new to people," said Kirkpatrick. "Consequently, there is an educational issue."

Active Directory slow to catch on

Active Directory also comes up against a long entrenched competitor, Novell. Microsoft is faced with having to compare itself to Novell's established presence as a network management platform vendor, in Kirkpatrick's view.

"Another of Microsoft's difficulties is that it hasn't been a major player for large-scale network infrastructure," he said. "Novell has made that its business, with NDS directory services, since 1990. Microsoft has a way to go if it wants to become a dominant player in network management."

Although a number of research and analyst groups have given Windows 2000 a higher rating than NT, and users across the board say Windows 2000 is an excellent product, companies have been slow to migrate. Primarily, the reason has been the complexity of installing a network management system.

Simon Yates, software analyst at Forrester Research, Cambridge, Mass., considers Active Directory a much more stable, reliable and high-performance product than NT 4.0 ever was. However, because Active Directory is a much more complex product, requiring greater planning and implementation considerations than NT, the adoption rate has been slow.

But Windows 2000 Server also faces entrenched competition from Sun Microsystems' Solaris platform, Yates noted. "What will slow down Active Directory adoption as a whole is the battle still to be fought with Windows 2000 Data Center, the enterprise-level product that Microsoft will release later this year and use to compete with Sun Microsystems.

Sun has been the dominant player in extremely large database and network management systems, and Microsoft must be able to convince the larger multinational corporations that Windows 2000 Server with Active Directory performs comparably, if not better, than any of Sun's products. The key to doing that will be the introduction of Data Center, which will add large database capability.

"NT and Windows 2000 are mid-tier systems. It's really Data Center that will make Active Directory upwardly scalable to compete with Sun," Yates said.
