News Stay informed about the latest enterprise technology news and product updates.

New tools to squeeze more from Active Directories

Microsoft's new Identity Integration Server and a host of related software aim to help customers get more out of their Active Directory forests, rather than having to take a chainsaw to them.

At a time when IT managers are making due with what they've got, new products are usually viewed for how they can complement what's already there, rather than for what new projects they can generate.

That's why Microsoft's Identity Integration Server (MIIS), which is intended to help customers develop an identity management architecture, may have more immediate appeal for customers who want the ability to manage and share information from various Active Directories across their enterprises.

MIIS and several ancillary products were released to manufacturing last week and should be available next month. There are two versions of MIIS: an enterprise version, which connects Active Directory to any other directory, and the Identity Integration Feature Pack for Windows Server Active Directory, which helps customers move information between more than one Active Directory forest or between different installations of Active Directory Application Mode (ADAM). Both run on Windows Server 2003.

Microsoft is also releasing ADAM, a standalone directory, which lets IT administrators install Active Directory as an LDAP directory for application-specific data.

The Identity Integration Feature Pack may have the most appeal initially because there are a lot of customers who would like to synchronize the various versions of Active Directory they may have acquired across their enterprise.

"There are a lot of people with [multiple] Active Directory forests, and no one is in a mood to tear them down," said Brett Finch, technical infrastructure administrator in the human resources department at the University of Alberta.

Finch said he believes Microsoft will find niche markets for its products -- one for enterprise identity management and the other for those who simply want their disparate Active Directories to work together.

The release of MIIS expands Microsoft's metadirectory, which it acquired from Zoomit Corp. four years ago. At that time, directories and directory synchronization were the rage. Today, the conversation has shifted to identity management, but there is some confusion about what that entails, analysts said.

Identity management refers to the ability to administer, authorize and deploy a user's identity across applications in an enterprise, all from one location. Getting the job done requires a combination of technologies. Vendors usually only have pieces of the puzzle, but they are starting to offer more.

MIIS will perform three main jobs, said Michael Stephenson, Microsoft's lead product manager of MIIS. It will provide metadirectory capabilities by synchronizing multiple directory platforms. It will offer automated account provisioning (and deprovisioning). And it will allow self-service password management. The latter two are new features.

The MIIS enterprise edition will connect to platforms other than Windows, Stephenson said. If a customer also has an application running on Linux that uses an Oracle database to store account information, MIIS can connect with that information and make sure those account repositories are in sync, he said.

Because the concept of identity management is still new, customers are struggling with where to start, said Jonathan Penn, an analyst at Forrester Research, Cambridge, Mass. The market is small today, according to Forrester, which estimates annual revenue to be between $600 million and $700 million. It is growing at a fast rate, estimated at between 30% to 45%.

MIIS puts Microsoft's next-generation metadirectory on par with those offered by IBM Corp. and Novell Inc., though Novell has been established in the directory business longer.

"Now we have a situation where three big vendors have comparable products and will fight for customers," said Mike Neuenschwander, an analyst at the Burton Group, a Midvale, Utah, consulting firm.

MIIS ships in two editions. The Identity Integration Feature Pack for Windows Server 2003 is included with the Windows Server 2003 license. The MIIS enterprise edition provides 17 different connectors to link to account databases. This costs $24,999 per CPU.


Article: Active Directory goes mainstream

Tip: Pros and cons of Active Directory

Best Web Links: Active Directory

Dig Deeper on Windows client management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.