
Active Directory gains broader role

Feb 20, 2006 (3 mins)

Microsoft last week laid out a new road map for Active Directory designed to transform it into the centerpiece of the company’s effort to provide users with an integrated identity management platform.

While the directory has been a core piece of Microsoft’s identity infrastructure, it will become the platform for strong credentials, access control, single sign-on, federated identity, information-rights protection, process automation and auditing.

Microsoft plans to build that collection of identity technologies directly into the server operating system as part of Longhorn Server, which is slated to ship in 2007. The technologies will become installable features much like DNS is today in Active Directory. Beta 2 of the server, which includes the new identity features, is expected to be available before the end of June.

Experts say one of Microsoft’s weaknesses has been lack of integration among its identity technologies. That weakness has been highlighted over the last year as Microsoft competitors such as CA, IBM, Oracle and Sun have each integrated their technologies to create their own platforms.

“Pulling this together so that it is all integrated is the good news,” says John Enck, an analyst with Gartner. “I worry, however, that this makes Active Directory seem too complex. I worry about them taking this too far. What’s next, Active Directory Server 2007? Where do you end the platform and start the directory services or the identity management platform? They are not clear on that and I think that will confuse the market.”

What is clear is that many of the services that rely on Active Directory for object or user data are now being renamed (see graphic) with the Active Directory tag. Microsoft internally also has created an identity and access management group headed by company veteran Peter Houston.

Microsoft officials say the first wave of integration will be related to common set-up features and documentation.

Michael Stephenson, group product manager for Windows Server, says customers will be able to activate any of the new Longhorn directory services without having to redeploy their entire Windows Server 2003 domain architecture.

Gil Kirkpatrick, CEO of an independent software vendor called NetPro, says, “We have seen the early code on this and it looks like they have the platform well defined.”

The integration also supports Microsoft’s Identity Metasystem initiative, which was unveiled last June and includes Active Directory along with user-centric privacy controls in the form of a client technology called InfoCard; a Longhorn middleware technology called Windows Communication Foundation (formerly Indigo); and a slate of Web services-based protocols.

Microsoft also announced the first beta of its Certificate Lifecycle Manager, policy- and workflow-driven software it acquired when it bought Alacris.

In addition, Microsoft says InfoCard will be supported in Internet Explorer 7.0.