Microsoft last week finally strung a safety net for those feeling uneasy about walking the tightrope between NT domains and Active Directory.
What NT 4.0 users face in moving to Windows 2000 is the perilous no-going-back task of converting and consolidating domains into Microsoft's new distributed directory service -- in a production setting. The fear is that if the Active Directory implementation fails, critical user and group information, permissions and Exchange mailboxes would be lost.
To address this fear, Microsoft has licensed technology from third-party developer Mission Critical Software that gives network administrators a chance to model and test Active Directory implementations before putting them into production.
The tool, which will ship with Windows 2000, also provides users with the ability to run NT 4.0 domains and Active Directory at the same time and roll back to previous configurations in the event something goes wrong.
Getting from domains to Active Directory has been a big focus for Frank Asenjo, lead systems engineer for the national accounts division at Automatic Data Processing. "We have modeled four scenarios and ported them to a test system," says Asenjo, who is using the full Mission Critical suite. "But for Microsoft to include this functionality with the operating system is a feather in its cap."
"It's clear what Microsoft is hearing from its rapid deployment program is that migration issues are significant, and Microsoft is addressing that," says Jamie Lewis, president of The Burton Group. "Without good migration tools, Microsoft will discover what Novell did with NDS -- that the brute force method just doesn't work."
Active Directory still lacks a number of features, including two-way data synchronization with Novell Directory Services. Microsoft also has yet to develop a metadirectory strategy for integrating Active Directory with other directories.
Microsoft is licensing Mission Critical's Domain Migrator tool, which is part of Mission Critical's OnePoint suite of directory management tools. The tool includes support for simultaneously deploying individual domains in NT and Active Directory. This "cloning" feature means data can exist in both places at the same time. If the Active Directory deployment fails, the system can cut over to the NT domains.
Mission Critical is not the only company addressing the problem. Fast Lane Technologies has DM Manager, which is similar to Mission Critical's software.
Microsoft will include Domain Migrator with Windows 2000, although the company has yet to decide if Domain Migrator will be built into the software or included on a CD.