re: Time for an Active Directory Redesign?

rdeluca — Wed, 26 Apr 2006 07:32:20 GMT

I think these are great ideas, but so far we've taken a different approach to the directory. Features like data validation/enforcement have been left to other Microsoft products while we focused on ensuring AD was a stable, reliable, secure directory platform.

Integration between the file system and AD is a common request from NDS folks, but I think the issue runs deeper than the file system. It's an authorization/entitlement issue in general. Think of file services as a consumer of authorization information, just like any other application. We're looking at better ways of handling authorization, especially when you need to enforce and audit across a large globally distributed enterprise.

So what does it really mean for something to be "done" in AD? Is it having a single console to manage these functions? Or is it storing the configuration information in the directory? Or are you saying the AD code itself should perform these functions? From an end-user perspective I suspect the requirement is somewhere between a single console and leveraging the directory for config data.

re: Time for an Active Directory Redesign?

Ian Swartz — Thu, 06 Apr 2006 19:32:19 GMT

I'd like to see A/D do a lot of things that us 'Legacy' (i.e. those with Novell NDS experence) took for granted in NDS.
For example, why not use A/D to assign file and folder permissions. Then you could run a query against A/D and see what rights a user has to all files and folders in their domain?
You could use 'Aliases' to show a folder as more than one name (Although DFS sort of helps with this).
You should be able to see in user properties a history of when the user logged on/off.
The list goes on, but the MORE you can do through A/D the better.
DFS and Printer management should be A/D functions.
File replication should be done in A/D.
I think you get my gist.
A/D has always been more cumbersome to use than NDS ever was.