Ten years ago today, Microsoft released its Active Directory technology to scepticism that it could build an infrastructure technology to anchor user management and access control. Now the software is an integral part of nearly every corporate network and stands ready for its next frontier: public and private clouds.
Over the years, Active Directory (AD) has strengthened its shaky legs by improving scalability and flexibility, and adding features such as federation and rights management services. The directory today is part of nearly every task a user performs on a Windows-based network, plus there are tools to include Unix and Linux machines under the access controls in AD, and an army of third-party vendors.
Most recently, Microsoft unveiled plans for the Next Generation Active Directory (NGAD), a modular add-on that is built on a database and designed to add querying capabilities and performance never before possible in a directory. NGAD also is a reshaping of the programming model for Active Directory.
But it all started on 17 February, 2000, with the official release of Windows 2000, which featured the first ever network directory from Microsoft.
Directory technology had already been mastered by Novell and Banyan, along with others such as Sun.
Still, Microsoft charged out of the gate with the intent of taking the industry by storm. And it succeeded. Today, Active Directory runs in more than 90% of the world’s 2,000 biggest companies, while the rest of the market picks up the leftovers.
AD is an integral part of Exchange, SharePoint and Office Communications Server, along with other Microsoft and third-party applications.
“Besides core file serving functions, Active Directory is the most deployed workload in Windows Server,” says Justin Graham, senior product manager for Windows. “And I would venture to say one of the most strategic workloads.”
Over the years Microsoft has added to Active Directory what the user base demanded, Graham says. While AD presented challenges, “we have accomplished a lot,” he says. “We have watched the industry and anticipated the shifts, and that will continue going forward.”
As with any nascent technology, there were growing pains, stumbling blocks and techniques to master along the way. The directory slowed the uptake of Microsoft Exchange 2000, the very first Active Directory-enabled application, as users fretted over directory architectures, schema changes and configurations, for instance.
Even Microsoft’s IT department alerted users to take caution in building directory infrastructure.
In a February 2000 interview with Network World, Dave Gasiewicz, the lead architect for Microsoft’s internal IT department, said “if you want to live in hell right away, go to multiple forests.” The multiple forests architecture presented an administrative “boondoggle” and a very complex security model, Gasiewicz said. His frankness was appreciated more by users than Microsoft’s PR machine, but it was an indication that users were dealing with serious infrastructure technology.
“Microsoft did learn the hard way, which is almost an inevitable process for that level of infrastructure,” says Jamie Lewis, CEO of the Burton Group/Gartner. “It is not easy to build and it takes time for something as ambitious and complex as a directory.”
But Lewis says there is no question that AD today is considered by a lot of enterprises to be the foundation of their user repository and hub for their internal authentication mechanism.
Hopefully, Microsoft learned its lessons well, because Lewis says moving the directory to the cloud will be another hard lesson, especially given that AD is now a piece of legacy technology that many users don’t want disturbed. That is one reason Microsoft is developing NGAD as an add-on.
“I don’t want to do anything to let anybody think that I am going to diddle with Active Directory infrastructure, yet I want to leverage the infrastructure,” Kim Cameron, Microsoft’s directory architect, said at the software giant’s Professional Developers Conference in November.
“The question is how do you maintain that legacy and at the same time innovate in the new context and the move toward public and private cloud services,” Lewis says. “The cloud infrastructure is a completely different architecture, a massively different set of scaling problems and an order of magnitude difference in security concerns. It is hard enough to solve these problems if you start with a clean sheet of paper, it is another to solve them and maintain a legacy.”
Lewis says the question is whether Microsoft breaks the past to create the future, or hobbles the future to create a migration path. “These are the challenges Microsoft faces with many of its products, and AD is no different,” he says.
Enterprise IT pros will be watching to see how Microsoft handles these evolutionary challenges.
One user who requested anonymity notes that despite NGAD’s introduction, there are precious few details surrounding AD for the cloud.
In addition, he says, there have been few appreciable changes in 10 years. “People still are afraid to change the schema.” Also, the Active Directory Lightweight Directory Service (formerly called ADAM), which is mostly an Internet-focused directory, isn’t on par with AD in terms of management tools, making it in essence a separate deployment.
But in addition to those observations, the user says AD is without doubt the dominant directory in use worldwide. “Find an enterprise that is not using it,” he says.
A decade ago that would have been a snap, but today that has changed and the original sceptics have been proven wrong.