Microsoft outlines roadmap for Active Directory and identity

Apr 03, 2006 | 2 mins
Access Control, Networking, Security

* Microsoft's four areas of focus for identity management

Last week, at Netpro’s Directory Experts Conference, Stuart Kwan, Microsoft director of Program Management for Identity and Access, delivered the keynote, a roadmap for Active Directory and identity within Microsoft operating systems and services.

He outlined four major areas that would be the focus of the upcoming efforts:

* Connect and federate via service-oriented and policy-based architecture.

* Make process-driven lifecycle management integral to the platform.

* Refine core services while building new capabilities around them.

* Simplify through long-term unification.

The “connect and federate” area is going to be dominated by Microsoft’s InfoCard and Identity Metasystem initiatives (which we’ve presented in earlier issues of this newsletter as well as in the Windows Networking newsletter).

Lifecycle management is best exemplified by the new facilities for Microsoft Identity Integration Server (MIIS) including automated provisioning and de-provisioning; automated, self-service, and/or delegated administration; and better reporting and analysis of identity issues.

By “refine core services,” Kwan means adding new functionality, improving existing functionality and returning functionality that’s been lost. Evidently, many customers have been bemoaning the loss of Backup Domain Controllers (BDC), remembered fondly from Windows NT. The next rev of Active Directory will include the newly christened “Read Only Domain Controller” which many are calling “son of BDC.” Managers will also have the ability to mount Domain Controllers on a bare bones server core (no GUI, no unneeded services) to improve performance and security.

The final step, simplification, will occur over time as better integration of the many Active Directory-related services is achieved.

The roadmap seemed well received by the audience; it just remains to be seen if Microsoft can deliver.

Centrify, co-sponsor of the event, took the opportunity to announce Version 3 of DirectControl, the neat service which allows you to administer your heterogeneous network (Windows Servers, Linux, Unix, Macintosh) with Active Directory. The breakthrough feature of Version 3, at least as I read it, is the ability to bring the strength of Group Policy to the Macintosh platform – something that’s been impossible up to now. Version 3 should ship in a month or two. Check it out at the Centrify Web site as soon as it does.