Kearns' column: Active Directory: agree to disagree

Although there was a fair amount of fallout, most people agreed with my recent assessment, A Flaw in Active Directory, of potential problems with Microsoft's Active Directory replication and synchronisation strategy.

[Aside: For the user at Microsoft, whose name may be Shawn but signs his e-mail "LCA Dude" and who uses a host machine called -- you need to learn how to create truly anonymous e-mail. At least when employees at Novell or IBM disagree with me, they sign their real names.]I did spend an enjoyable hour talking to Pete Houston, Active Directory's lead product manager. Houston came to Microsoft from IBM and has a very solid grounding in databases. In particular, he appears quite knowledgeable about distributed, replicated databases.

There was very little we disagreed on but, alas, the item that was the focus of my assessment was at the top of the list.

When changes are propagated throughout the replicas of the directory, it's important that they be applied to all copies in the same order. Active Directory uses a serial number sequence to decide the order of changes and when there's a discrepancy, falls back on a number of so-called tiebreaker decision points to decide which changes will be made and which will be rejected.

Houston and I agree that consistency among all copies of the directory is important. We differ in that Houston believes consistency is all that matters, while I believe that consistency is important, but accuracy is almost as important.

It's a classic confrontation between a database manager and a network manager. We agreed to disagree.

We went on, though, to imagine the next generation of directory service -- a generation that would use rules and policies to determine which update succeeds and which doesn't. Imagine setting up a hierarchy so that any time there is a discrepancy in updates, the higher ranking person's changes would "win". I'd like to hear your thoughts on how that might work.

Get Kearns' free Windows NT newsletter via e-mail twice a week. Go to and sign up for the latest NT news

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about IBM AustraliaKearnsMicrosoftNovell

Show Comments