The Active Directory of the Future
By Scott Bekker
Windows Server 2003 was in many ways a minor release -- that is, up until the Trustworthy Computing security review that contributed to delaying the project by about a year. But even before Trustworthy Computing, the Active Directory enhancements from Windows 2000 to Windows Server 2003 were one area where the upgrade was a major release.
For example, the Active Directory in Windows 2000 had major flexibility problems, especially when it came to merger and acquisition scenarios that are so common in enterprises. Much of that was repaired with the Windows Server 2003 Active Directory.
At this stage, Microsoft is giving few indications that any similar overhauls are coming in the next version of Active Directory. But one industry analyst says that what Microsoft is doing, rather than what Microsoft is saying, may be important.
The first place where changes could conceivably come to the Active Directory is in Windows Server 2003 Service Pack 1. Nothing doing, says Michael Stephenson, group product manager for Active Directory. Although Microsoft plans to add major new security features to the base operating system at that point (currently planned for the second half of this year), any improvements to Active Directory will be strictly bug fixes.
Any changes to Active Directory will come in the "next big server release," Stephenson says. Presumably that's Longhorn server, although there has been talk from Microsoft of an interim server release -- potentially a roll-up of the free "feature pack" add-ons that have shipped since Windows Server 2003 into the base operating system. The Longhorn client appears headed for an early 2006 release, with a server release sometime after that.
The three key areas of Active Directory development that Microsoft is focused on for that next big server release are adding new security capabilities, adding new management capabilities and improving the ease of use of the directory service.
An example of a scenario that would benefit from work in those areas is federated identity, Stephenson says. "You have SharePoint inside the firewall today. What we want to do is make it very easy for organizations to extend that use to users outside the firewall. How do I invite them to come to my Windows SharePoint site and collaborate on the document with me? Extending AD to do federated identity," he says.
Analyst Al Gillen of IDC believes Microsoft's recent legal settlement with Sun Microsystems could have major implications for future versions of Active Directory. "I wonder what they're going to do with Sun," Gillen says. In addition to payments from Microsoft to Sun of about $2 billion, the companies agreed to license each other's technology and work to make their products interoperate. Sun has one of the major Unix-based directory technologies.
"To me, that's indicative that they have some sense that they need to work with the Unix environment. That's one way that we may see some improvement and interoperability coming out of the Sun-Microsoft licensing agreement," Gillen says.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.