Tuesday, July 12, 2005


Let’s don’t get into the Directory Services Wars here…each has its own merits and followers. AD just happens to be the directory service in which I specialize. I’m sure we all know that there are scenarios in which AD excels, and those in which it plays a supporting role. Onward…

I fondly remember Microsoft’s Windows 2000 launch event in San Francisco back in February of 2000. The major IT vendors had booths in the exhibition hall; CTOs of major corporations were wined and dined; and media analysts were thick as bees on honey. It was a Microsoft geek’s paradise—the whole industry was focused on Active Directory and those of us with early experience had our fifteen minutes of fame on center stage.

The industry has seen a lot of technology come and go since Active Directory was introduced. Most IT professionals, including those at Microsoft, will tell you that after 5 years on the market Active Directory is a mature and broadly implemented product. While I agree that it is widely implemented, I don’t agree that use of Active Directory has reached a mature stage of life. In fact, I think few organizations have begun capitalizing on the promise of Active Directory.

In my consulting life, I’ve dealt with some of the world’s largest corporations. Most of them use Active Directory simply as an authentication mechanism, and as an entry point to recent versions of other Microsoft products such as Exchange. They do not take advantage of the policy-based management, role-based management, or identity management capabilities of AD. Many (many!) are still supporting Windows NT. I’d go so far as to say that most still have “entry level” implementations of AD.

Anyway…since I work with it and sometimes write about it, I tend to think about AD a lot. I’ve even developed an AD maturity model that I use to rank an organization’s implementation of AD. This helps me to pinpoint areas for improvement and provide advice on how the client can gain efficiencies and reduce costs—bread and butter work for a consultant.

With over five years of exposure to Active Directory, shouldn’t we be talking about a lot more than simply how to design AD forests and trees? I say we move on and talk about more current issues such as policy-based management, identity management, AD’s role in a service-oriented architecture, and so on. And I always love to hear about cutting-edge implementations.

If you’re not interested in current Microsoft technology, you’ll obviously find this blog very geekish. But if you too deal with it on a daily basis, perhaps you’ll join me here for some interesting (albeit geekish) conversation.