Microsoft adding critical function to Active Directory

By John Fontana, Network World | Networking

To answer IT executives' demands for advanced features in Active Directory, Microsoft is enhancing its single highest administrative privilege so users can better manage the directory.

With the Beta 3 version of Windows 2002 Server, set for release later this year, Microsoft will introduce the ability to delete schemas from the directory. The feature, called Schema Delete, is not in Beta 2, released in March, but is scheduled to be included in Windows 2002 when it ships early next year.

The news comes on the heels of Microsoft's announcement that it is starting to enable Active Directory for use on the Web. (Microsoft pumping up directory for Web use)

IT executives have been clamoring for the ability to delete schemas, to eliminate clutter from the directory and make it possible to completely uninstall directory-enabled applications. "We're trying to keep our directory data as clean as possible, and when schema delete is available we'll use it to clean up even further," said a directory administrator from a Fortune 500 company who requested anonymity.

Schemas are the heart of the directory. They define the objects in Active Directory and the attributes associated with those objects. Objects represent users and applications, and they are made up of a set of attributes, such as user name, address and phone number.

But modifying the schemas can be tricky. Schema modification is the most guarded administrative privilege in the directory because, if done incorrectly, it can disable a server or an entire network.

"Schema delete has become the poster child for why Active Directory is not as good as Novell," says John Enck, an analyst with the Gartner Group. "Most of us will say it should have been in there in the first place." But Enck says it is better late than never.

Novell's eDirectory and iPlanet's Directory Server 5.0, which shipped Thursday, allow users to delete schemas.

The ability to eliminate irrelevant schemas is important as more applications become directory-enabled.

Each time an application is added to the directory, it potentially can modify schemas. For example, Microsoft's Exchange 2000 messaging server makes some 1,200 schema modifications when it is installed.

But when applications are uninstalled, their schema modifications remain in the directory as excess baggage. The leftover schema can clog replication and lead to crippling problems.

Active Directory currently allows users to retire schemas, which means they are not replicated, but remain in the directory.
