LAS VEGAS - Microsoft is racing to fill gaps and integrate technology into its identity management platform before customers shift to tools from other vendors.

Active Directory is being driven beyond its authentication and authorization roots, the company told attendees last week at the NetPro Directory Experts Conference, an independent forum focused on Active Directory and Microsoft Identity Integration Server (MIIS).

The plan, originally outlined in February, is to make Active Directory, and a handful of add-ons for such tasks as rights management, a hub that supports many technologies targeted at identity and access management, including sophisticated provisioning tools now lacking from the Microsoft lineup.

While that is a noble goal, some analysts urge caution. "Active Directory is more stable and scaleable than many predicted it would be," says John Enck, an analyst with Gartner. "But you can't use [Active Directory] for everything."

Enck says Microsoft needs to add or improve workflow, password management, user self-service and delegated administration capabilities to Active Directory and MIIS, the core of its identity platform. Both are foundation elements for Microsoft's strategy.

Ultimately Microsoft would like this core to support strong credentials, access control, single sign-on, federated identity, information rights protection, process automation and auditing. The strategy also calls for integration with Microsoft's Identity Metasystem initiative, user-centric privacy controls called InfoCard, a Longhorn middleware technology called Windows Communication Foundation and a slate of Web services-based protocols.

Users at the conference said they agree with the message and want to build out their Active Directory deployments to deal with the realities of privacy and access controls dictated by regulatory compliance issues.

Microsoft's moves have been fueled by a recent wave of consolidation among identity vendors that has seen IBM, Oracle, Sun, Novell and others moving to create identity management platforms.

While some users are waiting for Active Directory to catch up with their needs, others say they have moved ahead with third-party tools for such things as workflow, single sign-on and Web-based access controls.