Concerns voiced over Active Directory

Microsoft's Active Directory is the most anticipated feature of Windows NT 5.0, due in 1998, according to users and analysts at an Internet Expo session in Boston earlier this month, but most agreed that the work-in-progress directory exhibits some troubling traits. One potential trouble spot for Active Directory is its immaturity, which is seen as problematic because directory technology has to be so complex.

Indeed, Robert Johnson, business development manager for Nexor, a systems integrator in Gaithersburg, Maryland, says it will probably take many years for Microsoft to work out the kinks.

Concerns were also raised about interoperability between Active Directory and directories on other platforms. Active Directory supports the Lightweight Directory Access Protocol (LDAP), but because LDAP does not provide all the functionality needed for cross-platform connectivity, it also contains much proprietary technology.

Areas in which Active Directory is proprietary include its use of the Common Object Model for directory objects and naming; its multipart replication schema; and tight integration with Microsoft's Internet Explorer browser, says Doug Simmons, director of professional services at The Radicati Group, a Palo Alto, Calif., research company which specialises in directory services.

"Microsoft is plowing new ground using its own objects and schema, and the new schema will have to be mapped between Active Directory and the rest of the world," Simmons says.

For instance, multipart replication enables one part of a directory several layers down the hierarchical structure to replicate with another. In contrast, X.500 directories replicate changes to a master directory then down to subdirectories.

Jamie Lewis, president of The Burton Group consultancy, in Salt Lake City, agrees that Microsoft is using proprietary technology but points out that this is a problem faced by all directory vendors because of the way that the Internet Engineering Task Force (IETF) has chosen to develop LDAP: rather than weighing it down with functions, the IETF has tried to keep LDAP simple and will approve extensions to the standard to handle such functions as replication.

The result: Users who plan to exchange directory information outside of Windows will have to use third-party interfaces between Active Directory and other directories such as Novell Directory Services, or they will have to rely on LDAP's limited capabilities.

Several users at the session said they were unhappy that implementing Active Directory will likely be complex.

"I don't want the heartache of being a systems integrator," says Andrew Black, group manager of technical architecture and design at Dayton Hudson Information Services, in Minneapolis.
