AD Deployments Coming Along
- By Stephen Swoyer
- February 11, 2002
The days when IT managers viewed the Active Directory as complex and mysterious may be fading.
"They no longer see this as being dark magic," IDC analyst Al Gillen says.
While IT infrastructures remains a long way away from comprehensive Active Directory deployments, the learning curve may be behind many administrators.
"I think the complexity of Active Directory has decreased in importance as an impediment to deployments because enough of the people have gotten started in their Windows 2000 deployments," Gillen says.
Active Directory, the much-hyped enterprise directory service that Microsoft first unveiled in conjunction with Windows 2000, is a true hierarchical directory service. AD is integrated into Windows 2000 and replaces the legacy Windows NT 4.0 domain system in homogenous Windows 2000 environments.
From the beginning, Microsoft urged enterprise customers to carefully plan their Active Directory implementations before they took up the nuts and bolts preparation associated with a Windows 2000 migration. As a result, acknowledges Chris Baker, lead product manager for Microsoft Exchange, overall AD adoption has been slow.
“We’ve been saying since before AD was launched that organizations have to plan, plan and plan. And realistically, that takes some time,” Baker says.
According to a recent IDC survey, only about one quarter of respondents have replaced 50 percent or more of their Windows servers with Windows 2000 versions.
But IDC found that about 95 percent of organizations plan to move to Windows 2000 eventually.
"These people are almost universally planning on AD," Gillen says. "The catch is that there's a really big chunk of the users that are not very far along with their deployments."
Microsoft presents AD as one of Windows 2000’s biggest selling points, with manageability benefits such as single enterprise-wide sign-on, enhanced desktop management and simplified policy creation and enforcement.
There are users out there who believe Microsoft has failed to make a substantive business case for Active Directory's value.
“No one seems to be able to defend the business case for AD other than for software currency reasons. Does AD truly provide simplified system and security administration? Have … AD implementations in large organizations resulted in reduced headcount?” demands one Windows administrator.
Microsoft has responded to such criticism with a raft of case studies showing benefits in high-profile enterprise environments, including machinery manufacturing giant Caterpillar Inc.
In a tight economic environment, however, more compelling ROI can be required.
“There's no ROI I can show our company to justify the expense,” says Bill Louth, a Windows administrator with a trucking transportation company based in Ohio. “Our budgets are frozen and everything we do must have a reasonable ROI or we won't get funding for the project.”
Meanwhile, customers don’t necessarily have to implement AD in order to deploy Windows 2000. As a matter of fact, Windows 2000 can be deployed with backward-compatibility support for the Windows NT 4.0 domain model. Some IT managers who have rolled out Windows 2000 in their environments say that they plan to stick with the NT 4.0 domain model until they’re actually forced to move.
There is quite a bit of interest in getting the most out of Windows 2000 without AD. The rub, says author and MCSE Carol Bailey, is that there simply isn’t that much information available.
“All the standard documentation (and training) is aimed towards using Windows 2000 with Active Directory - and most people aren't even aware of which services/features they can use independently from AD and within their existing infrastructure (NT4 domain, NDS, workgroup etc),” she argues.
Bailey has co-authored a book, Configuring Windows 2000 Without Active Directory. In it, she shows administrators what it’s possible to do in AD-less Windows 2000 systems. In partial recognition of the inevitability of AD, she urges IT organizations to move gradually to it– after they’ve first implemented Windows 2000 within their existing infrastructures.
“Most companies would do themselves a big favor if they considered a more phased approach to adopting Win2K within their existing infrastructure. Get to know the new operating system, new features and services before enterprise-wide changes,” Bailey says.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.