Improvements could increase the market for Active Directory skills

Microsoft addresses user concerns about Active Directory

Microsoft addresses user concerns about Active Directory

What is it?

Active Directory, included with Windows Server, is intended to provide centralised, secure management of networks on any scale from local to global. It is based on Lightweight Directory Access Protocol, which is also used by Novell, IBM, Sun and Red Hat for their directory services products.

Analyst firm Meta Group has identified "general fear of Active Directory" as a major factor in the widespread decision not to upgrade from Exchange 5.5. The Windows Server 2000 version had limitations, including a 5,000-member limit for groups, and a maximum of 300 sites. Security and manageability were also areas of concern.

Microsoft has since increased the number of groups and sites that can be supported and improved manageability, but analyst firm Gartner said security is still a problem.

Where did it originate?

Active Directory was introduced with Windows Server 2000. The authors of O'Reilly's guide to Active Directory described it as "surprisingly stable and robust". They said, "Microsoft does not have the best track record for initial releases of products, but it must be commended for Windows 2000 Active Directory in terms of its feature richness and reliability."

What is it for?

It provides the central repository of information and related services to manage network users, devices and resources. Microsoft said, "A directory service is both a database storage system and a set of services that provide the means to securely add, modify, delete, and locate data in the directory store."

What makes it special?

With Windows Server 2003, Microsoft added a lot more management tools to Active Directory. These addressed specific gripes about Active Directory in Windows Server 2000, such as the lack of command-line tools for manipulating and searching, the inadequate Group Policy tools, and the poor quality of support for troubleshooting account lockout problems. Total cost of ownership was another weakness, particularly compared with Novell's eDirectory, and Microsoft has worked on this. Perhaps most importantly, the company has tackled shortcomings in replication and synchronisation between domain controllers.

How difficult is it to master?

If you have Windows Server experience you can learn the basics of configuring and deploying or administering Active Directory in a week. Features such as drag-and-drop, the ability to re-use queries, and improvements in Group Policy in Windows 2003 make life easier for administrators. Microsoft has also improved the Active Directory Migration Tool to help with the move from Windows 2000 to 2003, and the move from NT 4.0.

Where is it used?

Analysts estimate that less than 25% of Microsoft installations have implemented Active Directory, and many cite it as a reason for not upgrading from earlier releases of Windows.

What systems does it run on?

Windows 2000 and 2003, though the open source community and commercial competitors supply products that can interact with and make use of Active Directory. Novell, by contrast, aims to support all popular platforms.

What is coming up?

More management tools.

Rates of pay

Rates for people with Active Directory skills are significantly higher than for most other Microsoft skills. Salaries for MCSE-qualified engineers, analysts and support staff start at £30,000 to £35,000.


Active Directory training is available from Microsoft and its training partners. Look out for computer-based training and online tutorials leading to MCSE (Microsoft certified systems engineer) certification, which is much cheaper than classroom training.

Read more on IT for small and medium-sized enterprises (SME)