Microsoft to simplify directory management

Goal is to make Active Directory easier to use, set-up, administer

CHICAGO – Microsoft is developing a number of tools and technologies designed to make it easier to manage users in Active Directory and for companies to confirm identities with partners.

Prototypes of the tools were shown Monday at NetPro's annual Directory Experts Conference (DEC). The management prototype focuses on a simple interface that streamlines the discovery of user and schema information. The federation tools provide a simple UI that fronts canned and customized PowerShell-based scripts that build federations via Active Directory Federation Services (ADFS) and let companies securely share data.

The prototypes were demoed by Joe Long, general manager of connected identity and directory at Microsoft, during his keynote presentation opening the three-day conference.

Long stressed that the technologies were merely prototypes but said his goal was to upgrade all the major components of the identity and access tools, which are part of Active Directory, over the next 24 months.

The latest version of Active Directory shipped a week ago with Windows Server 2008, including tools for automatically setting up servers to support such roles as federation. Microsoft's current update cycles call for a minor or R2 version of the server every two years and a major release every four years.

But development of new features is in full stride, Long said.

Alain Lissoir, program manager for the management infrastructure group, showed off a new management UI that would become an option alongside the directory's users and groups snap-in to the management console.

The UI used what he called a system of progressive disclosure that is similar to type-down addressing. The interface builds a view of the directory as a user inputs information rather than providing everything at once and forcing the user to search for information.

As an administrator types in information, the directory matches results to the query. For example, if a user typed in the name "Kevin", the UI would show only users named Kevin. The same is true when searching for user attributes or other data stored in the directory.

The new management UI would work across multiple domains and forests in the directory and takes advantage of PowerShell scripting. It also has navigation controls so users can show or hide certain information fields.

The goal is to hide the sea of tabs administrators see now when managing the directory and make it easier to crawl the directory's structure or tree.

The UI also has a section to let users work with custom schema and attributes within the tool, which is not possible with the current management interface.

Lissoir said work on the management UI is still very early and many questions remain to be answered, such as how access control will be handled.

The new federation tools use prebuilt scripts programmed against ADFS to automate the creation of federations between companies.

ADFS has been part of the directory for some time now, but the complexity of architecting a system across company boundaries is one factor that has been holding back mass adoption of federations within the Microsoft platform.

Microsoft's Stuart Kwan, director of program management for identity and access, showed a simple UI that asked three questions before kicking off an automated federation setup so users from one company could access a SharePoint server running in another company.

Kwan started with an unconfigured federation server, and by the time the scripts had run, the server was configured, metadata had been exchanged, and certificates had been created.

Kwan said the new tools are incorporating the WS-Federation protocol being developed for standardization by the Organization for the Advancement of Structured Information Standards to promote cross-platform integration.


Copyright © 2008 IDG Communications, Inc.