Network World

Microsoft getting Active Directory right

By Dave Kearns, Network World, 03/21/2005

I spoke with Microsoft's Stuart Kwan and Kim Cameron last week at NetPro's Directory Experts Conference. Kwan is the director of program management for identity and access in the Windows Server group, while Cameron is identified as "identity architect" - that means eminence grise, or the guy Kwan can blame for the really bad ideas.

The important message I got was that (finally) Microsoft was taking identity - and Active Directory - seriously. Well, the company is taking Identity and Access Management seriously, and to do that it needs to give priority and prominence to Active Directory. It's a far cry from 1999 when Active Directory was often considered an evil - albeit a necessary evil - adjunct to the server operating system. Users drove the change in priorities because they demanded better facilities to support federated services, regulatory compliance, electronic provisioning and more - all of which rely on the directory as platform.

The duo outlined the road map for the directory going forward. First, in the upcoming R2 release of Windows 2003 Server there will be schema extensions in support of Unix and Linux compatibility. Yes, Microsoft is admitting that you might have some non-Windows platforms in your network mix! The new extensions will facilitate third parties (such as Vintela and Centrify) that provide authentication services to non-Windows platforms but have run into some resistance from users not wishing to do ad hoc schema extensions.

There are big plans for the next release of Windows server (code-named Longhorn), including the concept of Read-Only domain controllers (all the best parts of the old backup domain controller without the headaches). Because Longhorn also will allow you granular control of the services running (including such anomalies as a command-line driven Windows server), you'll be able to build a minimalist domain controller with few other services running, thus minimizing the security holes that might be available.

Two huge gains for IT and ID managers to come in the Longhorn release are the ability to differentiate between Domain Administrators and Domain Controller Administrators (for much better security), and a resettable Active Directory to minimize the number of required reboots. Increased security and less downtime are two good reasons to look forward to Longhorn.
