What is it?
As Microsoft moves towards the release of Exchange 12, it has a major obstacle to overcome: resistance to Active Directory.
Active Directory is the distributed directory service included with Windows Server 2000 and 2003. It is intended to provide centralised management of networks on any scale, from single-site to global. But it has been problematic for Microsoft. Analyst firm Meta Group, for example, identified fear of Active Directory as a major disincentive to upgrading from Exchange 5.5.
The version supplied with Windows 2000 had major limitations, such as the 5,000-member limit for groups. Microsoft has worked to improve this and to tackle security concerns. The company is also putting effort into smoothing the migration path to Active Directory.
Active Directory is based on Lightweight Directory Access Protocol (LDAP), which is also used by Novell, IBM, Sun and Red Hat for their directory products.
Where did it originate?
With Windows Server 2000. Microsoft has been using Active Directory internally since 1999.
What's it for?
A directory service stores information about network devices, resources and users. Essentially it is both a database and the services that allow information in the database to be located, accessed and modified.
Microsoft said Active Directory was typically used for three purposes: as a closed, internal directory of users and resources, as a local directory of personalisation data relevant to an application, and as an external directory of customers and business partners.
Administrators have centralised access to objects representing all network users and devices, and they can set security, authorisation and other policies.
What makes it special?
Microsoft has greatly improved the Active Directory Migration Tool (ADMT). ADMT 2.0 corrects some of the shortcomings of the first version. For example, it allows passwords to be migrated from NT 4.0 to Windows 2000 and Windows 2003, or from Windows 2000 to Windows Server 2003.
Object names are integrated with the Domain Name System, which translates them into IP addresses. Replication and synchronisation, an early weakness, have been enhanced to maximise directory consistency and minimise impact on network traffic.
How difficult is it to master?
With a background in Windows Server 2000 or 2003, you can take the five-day course, Planning, Implementing and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure. Alternatively, for a lot less money, get hold of the book and courseware of the same name. This course, plus one year's experience, makes you eligible for the Active Directory Microsoft certified professional exam - a step on the way to Microsoft certified systems engineer status.
Where is it used?
It is difficult to pin down details of the installed user base. One analyst said "80% of North American users" have implemented Active Directory, without saying what kind of user; another said it was "less than a quarter of Microsoft installations".
With the ending of support for Exchange 5.5, some users may be contemplating upgrades to Windows 2003, which may mean a surge in Active Directory work.
What systems does it run on?
Windows 2000 and 2003, although Linux, Unix and other boxes can be managed from Active Directory.
What's coming up?
Active Directory Federation Services, delivered with Windows Server 2003 R2, uses web services technology to extend user identity and access rights management across organisational boundaries.
Active Directory courses are available from Microsoft and its training partners. O'Reilly & Associates has a regularly updated series of books dealing with different aspects of Active Directory.
Rates of pay
Active Directory administrators and junior "engineers" can earn £25,000, rising to £45,000-plus for experienced specialists.