With Active Directory, interoperability is a must

By Laura E. Hunter 27 Oct 2005 | SearchWinIT.com

Digg This!     StumbleUpon     Del.icio.us

In the early days of Active Directory and other Windows server products, Microsoft seemed to be betting the farm on the idea that enterprise networks would rely solely on Windows-based technologies for all aspects of their infrastructure. This quickly proved to be far from accurate, however, as it became clear that even moderate-sized networks often need to interoperate with non-Microsoft lines of business applications and heterogeneous operating systems on both the server and client side. In order to be considered a viable option for an enterprise network, Active Directory needs to be able to provide a way to integrate and interoperate with a multitude of technologies, both those that run on the Windows platform and those that rely on UNIX, Linux, or other third-party or Open Source operating systems.

Using Active Directory on a non-Windows platform

A common example of this need for interoperability is an organization that wants to deploy Active Directory, but is committed to an existing UNIX BIND DNS infrastructure. While much of the documentation that you'll find on Active Directory assumes that you're working in a pure Windows 2000 or 2003 DNS environment, most of the DNS features that you'll need to support Active Directory installations are available with all modern DNS implementations. As long as you're running a recent version of the BIND DNS software, it'll be a relatively simple matter to integrate your Linux DNS with 2000 or 2003 Active Directory. You can either use your existing BIND servers to support your AD deployment, or you can delegate a portion of your DNS infrastructure to be run by your Active Directory administrators to allow your clients to take advantage of certain Windows DNS-specific features such as AD-integrated DNS zones and secure dynamic updates.

Windows Services for Unix

Another component of Windows that improves its interoperability is Windows Services for Unix (SFU), which is freely downloadable from the Microsoft website. (An expanded version of this is built into the upcoming "R2" release of Windows Server 2003.) You can use SFU to allow your Windows clients to access resources on UNIX servers or your UNIX clients to access Windows-based resources, both without needing to install additional software on your UNIX hosts. SFU also allows you to map UNIX usernames to Windows SIDs and vice versa, allowing your users to come closer to the elusive "single sign-on" experience.

Connecting two separate services

You even have the ability to synchronize two completely separate directory services so that user information can be updated seamlessly in multiple locations, whether you're talking about multiple Active Directory forests or synchronizing AD with a third-party application or service, including SAP, PeopleSoft, and Lotus Domino. The Microsoft Identity Integration Server (MIIS) allows you to create connection agreements between many different data stores so that user information and passwords can be maintained across the enterprise. MIIS currently comes in two versions: the Identity Integration Feature Pack (IIFP), which is a free download but can only synchronize information within Active Directory itself, Active Directory Application Mode (ADAM), and Microsoft Exchange 2000 and 2003. If you need to integrate with other data sources, including Exchange 5.5, you'll need the full-blown paid version of MIIS which allows for synchronization with a much wider range of data sources.

Sound Off! -

Tags: Active Directory Integration and Interoperability,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us