Ten years ago today* a few of us DCPROMO’d the first domain controller for Intel’s Active Directory root domain, less than two months after the product was released as part of Windows 2000 (February 17th, 2000).
Intel was part of the Windows 2000 Joint Development Program (later called the Technology Adoption Program), a collection of about 30 companies that worked closely with Microsoft as the product neared its release. Our promise was that we’d deploy it very quickly and provide them real-world feedback. We were a little more than a month behind the Microsoft IT team led by Stuart Kwan. We built the forest from scratch and migrated resources into it, rather than upgrading any existing NT4 domains. We wanted to start CLEAN and not carry forward any crud from our twelve NT 4 master domains (remember those?).
As Intel is a very distributed company, with major locations in California, Arizona, Oregon, New Mexico, and Massachusetts, we weren’t all in the same room “throwing the switch” as the video showing Stuart and a very young Nathan Muggli doing for Microsoft IT. So it was a bit underwhelming. But we knew it was a momentous occasion; you can only create the first world-wide authentication and authorization network service for a company once. (And of course you don’t want to screw it up enough to need to redo it.)
The CORP forest founders on the NTI (NOS Technology Integration) team were John Dunlop, Steve Grobman, Chris Jones, Mike Breton, Alan Isham, Mike Reed, me, and manager Don Trapnell. I apologize profusely if I’ve left anyone out; I’m sure I have. It has been ten years, after all.
“We can neither confirm nor deny…”
I must bring up a bizarre aspect of all this. If you work for Intel, you aren’t allowed to actually say that Intel has Active Directory. Or Windows for that matter. The logic from Intel Legal (aka the Thought Police) goes something like this:
- Intel is a big, highly influential company with deep pockets.
- If a representative of Intel says, “Yes, we love this product” or “No, we hate that product” it can theoretically impact the profit of the product’s company (or even sink it if it’s small enough).
- Aforementioned company sues Intel.
Therefore Intel has something called the Hogue Rule, which basically requires that they never say what products they do and do not use. Now of course, this is where law butts up against reality in a way that particularly chafes technical people. This is Intel, right? One half of Wintel (oops, that’s also specifically prohibited)? The company that helped power Microsoft to world domination? Fortune 75? Who out there doesn’t think Intel uses Active Directory? Anyone? Anyone?
Ridiculous. I got around it by substituting “directory services” for Active Directory in my presentations. And CORP is the most common AD root domain name in the world.
I’ll honor the Intel Thought Police by not giving any more details beyond what Intel’s CORP forest was like, in general, when I left the company:
- User objects – high five figures
- Computer objects – low six figures
- Security groups – solid five figures
- Domain controllers – low three figures
Happy Birthday, Intel er…directory services!
* ldap_search_s(ld, "DC=corp,DC=intel,DC=com", 0, "(objectClass=*)", attrList, 0, &msg) Getting 1 entries:
whenCreated: 4/5/2000 8:55:45 AM US Mountain Standard Time;