What is it?
As Microsoft moves towards the release of Exchange 12, it has a
major obstacle to overcome: resistance to Active Directory.
Active Directory is the distributed directory service included
with Windows Server 2000 and 2003. It is intended to provide
centralised management of networks on any scale, from single-site
to global. But it has been problematic for Microsoft. Analyst firm
Meta Group, for example, identified fear of Active Directory as a
major disincentive to upgrading from Exchange 5.5.
The version supplied with Windows 2000 had major limitations,
such as the 5,000-member limit for groups. Microsoft has worked to
improve this and to tackle security concerns. The company is also
putting effort into smoothing the migration path to Active
Directory.
Active Directory is based on Lightweight Directory Access
Protocol (LDAP), which is also used by Novell, IBM, Sun and Red Hat
for their directory products.
Where did it originate?
With Windows Server 2000. Microsoft has been using Active
Directory internally since 1999.
What's it for?
A directory service stores information about network devices,
resources and users. Essentially it is both a database and the
services that allow information in the database to be located,
accessed and modified.
Microsoft said Active Directory was typically used for three
purposes: as a closed, internal directory of users and resources,
as a local directory of personalisation data relevant to an
application, and as an external directory of customers and business
partners.
Administrators have centralised access to objects representing
all network users and devices, and they can set security,
authorisation and other policies.
What makes it special?
Microsoft has greatly improved the Active Directory Migration
Tool (ADMT). ADMT 2.0 corrects some of the shortcomings of the
first version. For example, it allows passwords to be migrated from
NT 4.0 to Windows 2000 and Windows 2003, or from Windows 2000 to
Windows Server 2003.
Object names are integrated with the Domain Name System, which
translates them into IP addresses. Replication and synchronisation,
an early weakness, have been enhanced to maximise directory
consistency and minimise impact on network traffic.
How difficult is it to master?
With a background in Windows Server 2000 or 2003, you can take
the five-day course, Planning, Implementing and Maintaining a
Microsoft Windows Server 2003 Active Directory Infrastructure.
Alternatively, for a lot less money, get hold of the book and
courseware of the same name. This course, plus one year's
experience, makes you eligible for the Active Directory Microsoft
certified professional exam - a step on the way to Microsoft
certified systems engineer status.
Where is it used?
It is difficult to pin down details of the installed user base.
One analyst said "80% of North American users" have implemented
Active Directory, without saying what kind of user; another said it
was "less than a quarter of Microsoft installations".
With the ending of support for Exchange 5.5, some users may be
contemplating upgrades to Windows 2003, which may mean a surge in
Active Directory work.
What systems does it run on?
Windows 2000 and 2003, although Linux, Unix and other boxes can
be managed from Active Directory.
What's coming up?
Active Directory Federation Services, delivered with Windows
Server 2003 R2, uses web services technology to extend user
identity and access rights management across organisational
boundaries.
Training
Active Directory courses are available from Microsoft and its
training partners. O'Reilly & Associates has a regularly
updated series of books dealing with different aspects of Active
Directory.
Rates of pay
Active Directory administrators and junior "engineers" can earn
£25,000, rising to £45,000-plus for experienced specialists.