News Stay informed about the latest enterprise technology news and product updates.

MEC 2001: MS, AD and user 411

A big question at MEC 2001 this week -- what's up with Active Directory. Microsoft was ready for that question, and parried it with several answers.

MEC 2001, ORLANDO, Fla. - Active Directory (AD) is a popular feature of Windows 2000, and Microsoft is actively directing user feedback back to Redmond to improve AD.

Microsoft learned a thing or two about AD from its deployments, said Stuart Kwan, group product manager for Active Directory. One notable lesson was that non-technical issues are often more problematic than purely technical ones.

To begin with, deployment requires a paradigm shift in thinking "not a weekend of looking over a book," Kwan said. There are also "political" issues because deploying AD requires different groups to work together, such as Windows and DNS groups.

On the technical side, potential group replication collisions are possible. Replication creation can also take a long time. Some migration tools have been missing, Kwan said. Out-of-the-box monitoring is also needed.

Kwan added that better reference material is being written, notably a document on best practice operations due early next year. The material will have sections that "if something goes wrong, then do this."

Microsoft has some first-hand knowledge about deploying Active Directory. The company deployed it before shipping Windows 2000. It was able to reduce child domains from 433 to 14 and trusts between servers from 5,000 to 13.

With .Net, however, users will be able to deploy Global Catalogs in remote locations. Users will no longer have to log in the Global Catalog each time. Users will also be able to create servers from media such as back-up tapes.

Microsoft is also looking at some improvements beyond .Net. One goal is to simplify Active Directory operations so more users can use it. Another is to address multi-forest directories, which will become ever more important as companies merge. Ultimately, directories can be linked using Microsoft Passport as the authenticator, Kwan said.


SearchWin2000's Featured Topic section.

SearchWin2000's Best Web Links

SearchWin2000's Active Directory Forum

Got questions about Win2k migration? Go to searchWin2000's Ask the Expert section and query Paul Hinsberg.

Microsoft's Active Directory Web site

Dig Deeper on Windows client management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.