SAN DIEGO (07/25/2000) - The next version of Active Directory will include much-needed improvements for managing groups of users and features to make it easier to run the directory over WAN links, Microsoft Corp. said Tuesday.
At The Burton Group Corp. Catalyst Conference here, Microsoft said the upcoming revision of Windows 2000, code-named "Whistler" and set to ship in the first half of next year, will address many concerns enterprise customers have had about Active Directory.
Those concerns have mostly focused on restrictions on user group sizes, replication, reliance on the global catalog and partitioning the directory.
Enterprise customers have noted that Active Directory is rigid when it comes to running it in a distributed environment, and Microsoft says it will now add flexibility.
"All the things they are doing are good for the NOS environment," says Jamie Lewis, CEO of The Burton Group, a consulting firm based in Midvale, Utah. "They are issues that customers need to solve."
Microsoft will remove the 5,000-user limit for groups within Active Directory.
To abolish the limitation, Active Directory will now maintain meta-data on individual members of a group instead of only on the membership list as a whole.
Previously, when an individual's data was changed, the entire group's data had to be updated as well. Now, the individual's data can be changed separately.
Reducing the amount of data that needs to be updated allows Microsoft to eliminate group size restrictions.
The new meta-data also is being used to reduce replication headaches. Users can now replicate individual changes without having to replicate the entire group list. The capability should take pressure off WAN links and allow enterprise users more options for deploying Active Directory in a distributed environment.
Another benefit of the new fine-tuned controls is the ability to ensure the integrity of directory data. Users no longer have to worry about two or more directory updates made within the same replication cycle overwriting one another, or "colliding." Users can now make changes in single values of multi-valued attributes and replicate just that value.
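The collision described above, as an added example that is not from the article or from Microsoft: a simplified Python model comparing whole-list replication with per-value replication of a group's membership. The stamps, member names, DC names and the tie-break rule are constructed assumptions, not Active Directory's actual replication logic.

```python
# Simplified model, not Active Directory's actual replication code.
# Stamps are (version, originating DC); the higher stamp wins (assumed tie-break).

def merge_whole_attribute(a, b):
    """Replica = (stamp, member_set). The winning stamp replaces the entire list."""
    return max(a, b, key=lambda replica: replica[0])

def merge_per_value(a, b):
    """Replica = {member: (stamp, present)}. Each value is reconciled on its own."""
    merged = dict(a)
    for member, meta in b.items():
        if member not in merged or meta[0] > merged[member][0]:
            merged[member] = meta
    return merged

def live_members(replica):
    """Members whose latest per-value record is not a removal marker."""
    return {m for m, (_, present) in replica.items() if present}

def changed_values(base, replica):
    """Per-value records that differ from the base and must cross the link."""
    return {m: meta for m, meta in replica.items() if base.get(m) != meta}

def demo():
    # Constructed scenario: in one replication cycle dc1 adds carol,
    # while dc2 adds dave and removes bob.
    whole_dc1 = ((2, "dc1"), {"alice", "bob", "carol"})
    whole_dc2 = ((2, "dc2"), {"alice", "dave"})
    whole = merge_whole_attribute(whole_dc1, whole_dc2)[1]

    base = {"alice": ((1, "dc1"), True), "bob": ((1, "dc1"), True)}
    pv_dc1 = {**base, "carol": ((2, "dc1"), True)}
    pv_dc2 = {**base, "dave": ((2, "dc2"), True), "bob": ((2, "dc2"), False)}
    per_value = live_members(merge_per_value(pv_dc1, pv_dc2))
    sent = sorted(changed_values(base, pv_dc1)) + sorted(changed_values(base, pv_dc2))
    return whole, per_value, sent

if __name__ == "__main__":
    whole, per_value, sent = demo()
    print("whole-attribute result:", sorted(whole))   # carol's addition is lost
    print("per-value result:     ", sorted(per_value))
    print("values replicated:    ", sent)
```

In the whole-list case the later stamp silently discards the other controller's change, which is the integrity problem the per-value meta-data removes; only three value records cross the link instead of two full membership lists.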
Microsoft also is dropping the requirement that users always log on through a global catalog. The issue affects users in branch offices who have to cross WAN links in order to use the catalog to sign on to corporate networks. Users will still sign on through the catalog, as long as their branch-office connection to the network is up, but if the connection is down, the user can use global catalog data cached locally to access the local portion of the network.
Microsoft also is adding application partitions that can be selectively replicated to avoid unnecessary traffic on the network. The partition capability will not include Domain Name Service data, but Microsoft will add the capability in a later version of Active Directory. Users have complained about the load on the network required by DNS replication, because data must be replicated to every domain controller even if it isn't acting as a DNS server.
"Clearly, users in low-bandwidth areas are sensitive to this," says Pete Houston, lead product manager for Windows marketing for Active Directory. "The ability to fine-tune replication has been a demand from customers."
Microsoft also is adding a feature that will allow users to copy a Domain Controller to tape or CD-ROM, and use it to create a new, unique Domain Controller. The feature will eliminate the need to build a Domain Controller from scratch over the network.
In addition, Microsoft will offer a command-line interface for remote administration and administrative tools for supporting multiple forests.
"We are trying to avoid any paradigm shifts in Whistler and just add flexibility," Houston says.
Microsoft also announced that Microsoft Metadirectory Services 2.2 is now available.
The software includes tighter hooks with Active Directory and provisioning enhancements that allow MMS agents to perform provisioning duties on individual directories. MMS 2.2 also includes an XML Management Agent and an Exchange Inter-Forest Wizard, which is pre-configured to provide synchronization between Exchange Servers.