"Once you add schemas you are stuck with them," says Jamie Lewis, president of The Burton Group. "You don't want to have a lot of schemas to wade through. If you replace a schema for a user, for instance, you don't want developers using the old schema that is not supported."
Lewis says it is all about "managing, keeping things clean and not having to live with schema changes the rest of your life."
Changing a schema is a task best left to the most experienced administrators. But Microsoft says it is a task with value.
"Customers were saying once they added an application to Active Directory they could not roll back," says Peter Houston, groupp program manager for Active Directory. "There was a fear factor about adding schemas, and some customers were delaying rollouts of new applications."
Microsoft is adding another feature in Active Directory that also should help with management. Windows 2002 will feature Cross-Forest Trust, which allows separate directory forests to talk to one another. For example, a user authenticated in one forest can be authorized to use resources from another forest. Previously, forests could not communicate, and Microsoft recommended users deploy only a single forest.
"Users with good centralized control will use a single forest, but decentralized corporations might look to multiple forests as a boundary for administration," Houston says.
But he warned that the feature is not a license to create 30 forests. "The goal is to minimize the number, but it's not just one anymore. You don't need to beat your head against the wall to get to one," Houston says.
In addition, shortly after Windows 2002 ships, Microsoft will launch Version 3.0 of Microsoft Meta-directory Services (MMS), which will replace the Zoomit Directory with Active Directory.
MMS is the descendant of technology Microsoft purchased from Zoomit in 1999. The Active Directory store will allow enterprises to have a single repository for their enterprise directory and metadirectory.