Microsoft separating Active Directory from OS

Microsoft Corp. Monday made a dramatic change in its Active Directory strategy, saying it will ship a stand-alone version of the software, separated from the operating system, that finally delivers on its promise of a Web-ready directory.

At The Burton Group Corp.'s Catalyst conference the company laid out a roadmap for Active Directory's future, including a version called Application Mode, a pure Lightweight Directory Access Protocol (LDAP) directory built to support Web applications. The company also said convergence of its directory and its database is inevitable as it tries to create a universal data store, and that it will ship Microsoft Metadirectory Services (MMS) 3.0 early next year as the first step in that convergence.

The new version of the directory finally lets network executives separate Active Directory from the Windows operating system for specialized uses such as supporting Web-based applications. Network executives and experts alike have been pressing Microsoft to make such a move since Active Directory shipped. Active Directory is the only directory on the market that is built into an operating system.

The major upside for network executives is the flexibility to deploy Active Directory without first standing up an entire Windows domain environment, as is now required. The Application Mode version does not require setting up and managing a domain controller, or the services that come with one such as Kerberos, DNS or a public-key infrastructure; what remains is an LDAP directory that applications bind to directly.

"It's about time," says Tom Gaylord, CIO for the University of Akron (Ohio). "There is great potential and obvious benefits for decoupling the directory. It can greatly simplify your architecture."

Microsoft had been trying to convince users that, by adding Web-oriented features such as support for inetOrgPerson, the standard LDAP object class for describing a person, its network operating system (NOS) directory was suitable for Web-based deployments. But users wanted something better, and network executives continued to look to Sun Microsystems Inc.'s SunONE Directory Server and Novell eDirectory for Web-based directories.

"This is groundbreaking for us," says Jackson Shaw, product manager for directory services for Microsoft. "It's an LDAP directory to support applications."

In addition, Shaw said, the Application Mode directory will integrate with the NOS version of Active Directory to share user authentication duties. That integration lets companies keep authentication centralized in the NOS directory while confining to the stand-alone directory any changes an application makes to the schema, which defines the structure of the directory. An application that needs its own object classes or attributes therefore extends the schema of its own instance, not the schema of the forest.
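The two mechanics described above (a directory instance with no domain controller behind it, and authentication handed back to the NOS directory) look like this in practice. This is an added example, not code from the article or from Microsoft; it assumes the tools that shipped with the Application Mode product (adaminstall.exe with an answer file, the MS-*.LDF schema files and ldifde), and the instance name, ports, partition DN, paths and the EXAMPLE\jdoe account are placeholders chosen for illustration.

```powershell
# Added example (not from the article): stand up an Application Mode (ADAM)
# instance on a domain-joined member server with no domain controller, then
# delegate authentication for one user to the NOS Active Directory through a
# userProxy object. All names, ports and paths below are placeholders.

$instance  = 'AppDir1'
$ldapPort  = 50000   # non-standard ports: the host may also run an AD DC on 389/636
$sslPort   = 50001
$partition = 'CN=App1,DC=example,DC=com'   # application partition; app schema lives here
$answer    = 'C:\Setup\adam-app1.txt'
$adamDir   = "$env:SystemRoot\ADAM"        # assumed install location of the tools

# 1. Unattended install. Only the directory service is created: no domain,
#    no Kerberos realm, no DNS zone, no CA. The service runs as Network
#    Service unless a service account is specified in the answer file.
@"
[ADAMInstall]
InstallType=Unique
InstanceName=$instance
LocalLDAPPortToListenOn=$ldapPort
LocalSSLPortToListenOn=$sslPort
NewApplicationPartitionToCreate="$partition"
DataFilesPath=C:\ADAM\$instance\data
LogFilesPath=C:\ADAM\$instance\logs
ImportLDIFFiles="MS-InetOrgPerson.LDF" "MS-User.LDF"
"@ | Set-Content -Path $answer -Encoding Ascii

& "$adamDir\adaminstall.exe" /answer:$answer

# 2. Extend the schema of this instance only; the forest schema is untouched.
#    ldifde replaces the "DC=X" placeholder in the LDF with the instance's own
#    schema naming context. The '#schemaNamingContext' token must be quoted in
#    PowerShell or it is read as a comment.
ldifde -i -f "$adamDir\MS-UserProxy.LDF" -s "localhost:$ldapPort" -k -j . `
       -c "CN=Schema,CN=Configuration,DC=X" '#schemaNamingContext'

# 3. Create a proxy object for a domain user. It carries the user's SID and
#    no password; a simple bind as this DN is forwarded to the domain, which
#    does the password check. The NOS directory stays the single credential store.
$sid = ([System.Security.Principal.NTAccount]'EXAMPLE\jdoe').Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

@"
dn: CN=jdoe,$partition
changetype: add
objectClass: userProxy
objectSid: $sid
"@ | Set-Content -Path 'C:\Setup\jdoe-proxy.ldf' -Encoding Ascii

ldifde -i -f 'C:\Setup\jdoe-proxy.ldf' -s "localhost:$ldapPort" -k
```

Two caveats a practitioner will hit: the instance host must be a member of the domain (or a trusting one) for the forwarded logon to succeed, and because the application sends the user's password to the instance in a simple bind, the instance refuses proxy binds over a non-SSL connection by default (the RequireSecureProxyBind setting), so the application should bind to the SSL port rather than have that check switched off.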

"What they are doing is making it easier to use Active Directory in an e-business role without having all the baggage of the NOS," says Jamie Lewis, CEO and research director for the Burton Group. "The e-business or extranet created a need for a general-purpose, vanilla LDAP directory to authenticate users. What Microsoft is doing is a sign of maturity." Lewis says it also is the start of serious competition with Sun and Novell. "People have been turning to those directories because it has been too hard to deploy Active Directory as a general purpose directory."

The Application Mode version of Active Directory will ship 30 days after Windows .Net Server, which is scheduled to ship by year-end. The first release candidate of the .Net operating system is due next week.

Even though Active Directory can now run on its own, it still runs only on Windows, like Microsoft's other server applications, and only on the .Net operating system and Windows XP Professional. The XP support lets developers install the directory on their own desktops.

The Application Mode version of the directory is a near-term change for Microsoft, but the future holds even bigger changes as the company builds a universal data store around its Yukon technology.

In the future, Microsoft believes the directory and the database will become one. "How many people can program against a directory? A large number. How many applications use a database? A large number," says Kim Cameron, directory architect for Microsoft. "Right now your identity and authentication data is segregated in the directory with its own protocols, it is hard to join with the database." Cameron says a lot of challenges have to be overcome to converge the two, but that Microsoft will eventually integrate them. He would not specify a timeframe.

Cameron said the convergence would have many benefits. As an example, he demonstrated at the Catalyst Conference an XML-based technology called Polyarchy that allows users to create different hierarchical views of data such as an organizational chart or a set of discussion lists. In essence it is a sophisticated White Pages application that can display key relationships between people and data. Key to creating such lists is that user identity information and data all reside in one repository.

"We wanted a new way to visualize and search and make directories more capable. Users want integrated views so we have to store data differently."

The first crack at changing that storage will ship with MMS 3.0, which will display directory information as SQL tables. MMS 3.0, which is a metadirectory that allows information to be joined into a single logical entity, includes a Preview mode that works much like a Print Preview, allowing users to see what changes will look like before they are made.

Microsoft also has integrated MMS 3.0 with Visual Studio.Net to create a standard development environment. Support for the Directory Services Markup Language (DSML), basically an XML representation of LDAP, is being added to give XML application developers access to LDAP features.
