Microsoft addresses user concerns about Active
Directory
What is it?
Active Directory, included with Windows Server, is intended to
provide centralised, secure management of networks on any scale
from local to global. It is based on Lightweight Directory Access
Protocol, which is also used by Novell, IBM, Sun and Red Hat for
their directory services products.
Analyst firm Meta Group has identified "general fear of Active
Directory" as a major factor in the widespread decision not to
upgrade from Exchange 5.5. The Windows Server 2000 version had
limitations, including a 5,000-member limit for groups, and a
maximum of 300 sites. Security and manageability were also areas of
concern.
Microsoft has since increased the number of groups and sites that
can be supported and improved manageability, but analyst firm
Gartner said security is still a problem.
Where did it originate?
Active Directory was introduced with Windows Server 2000. The
authors of O'Reilly's guide to Active Directory described it as
"surprisingly stable and robust". They said, "Microsoft does not
have the best track record for initial releases of products, but it
must be commended for Windows 2000 Active Directory in terms of its
feature richness and reliability."
What is it for?
It provides the central repository of information and related
services to manage network users, devices and resources. Microsoft
said, "A directory service is both a database storage system and a
set of services that provide the means to securely add, modify,
delete, and locate data in the directory store."
What makes it special?
With Windows Server 2003, Microsoft added a lot more management
tools to Active Directory. These addressed specific gripes about
Active Directory in Windows Server 2000, such as the lack of
command-line tools for manipulating and searching, the inadequate
Group Policy tools, and the poor quality of support for
troubleshooting account lockout problems. Total cost of ownership
was another weakness, particularly compared with Novell's
eDirectory, and Microsoft has worked on this. Perhaps most
importantly, the company has tackled shortcomings in replication
and synchronisation between domain controllers.
How difficult is it to master?
If you have Windows Server experience you can learn the basics of
configuring and deploying or administering Active Directory in a
week. Features such as drag-and-drop, the ability to re-use
queries, and improvements in Group Policy in Windows 2003 make life
easier for administrators. Microsoft has also improved the Active
Directory Migration Tool to help with the move from Windows 2000 to
2003, and the move from NT 4.0.
Where is it used?
Analysts estimate that less than 25% of Microsoft installations
have implemented Active Directory, and many cite it as a reason for
not upgrading from earlier releases of Windows.
What systems does it run on?
Windows 2000 and 2003, though the open source community and
commercial competitors supply products that can interact with and
make use of Active Directory. Novell, by contrast, aims to support
all popular platforms.
What is coming up?
More management tools.
Rates of pay
Rates for people with Active Directory skills are significantly
higher than for most other Microsoft skills. Salaries for
MCSE-qualified engineers, analysts and support staff start at
£30,000 to £35,000.
Training
Active Directory training is available from Microsoft and its
training partners. Look out for computer-based training and online
tutorials leading to MCSE (Microsoft certified systems engineer)
certification, which is much cheaper than classroom training.
