Happy Birthday, Active Directory!

Active Directory (AD) is 10 years old. Yep, we're all getting old. “Back then, people didn’t know what to expect,” says Robert Haaverson, CEO and CTO of Imanami, a provider of AD and Exchange identity and group management solutions. “Novell and Sun were the only two in the directory space. Novell’s was cryptic. Microsoft came late to the game.”

How has AD changed? “In the beginning you had this thing of ‘no one’s going to change the schema.’ The only apps allowed to change the schema were Microsoft apps. About 2003, 2004, the big thing was disaster recovery—‘how do you prevent a replication disaster?’ The only strategy was to have a VM that was online once a week and replicated changes and then shut down. That’s not even on people’s disaster recovery radar now.”

And now? “I’m surprised it took 10 years to get undelete/unrestore,” Haaverson says and adds, “The fiefdoms are gone. You went to a large organization in the late 1990s, every department was running its own shadow IT. Getting people on board with a central IT was big. And there are a lot more Microsoft products putting their stuff in AD—it has to work, Microsoft has built so many other products on it. The most popular products depend on AD. It’s more robust now.”

Adds Edward Killeen, Imanami VP, “Microsoft creates an ecosystem of ISVs. It takes a while to find out where the holes are, and then the ISVs come in and fill them. There are some great extensions to AD—that’s a sign of its maturity.”

“What people are struggling with today is there are so many instances of AD,” Haaverson says. “You need to consolidate. Objects in the directory that are no longer necessary are still there, taking up space. When an object exists beyond the time it adds value, you’re limited because you can’t tell when a group is being used. You could delete it and see who calls,” he says, mentioning a typical admin-in-the-trenches strategy to determine whether an object is still needed.

Will AD ever make it to the cloud? “That’s tough,” Haaverson says. “AD is protected with a vengeance. Why would you want to push it to the cloud? What do you do if the Internet goes down? If you’re going to push all the other products to the cloud, you need AD, so you replicate the directory. So I think that’s where we’re headed—you’re not going to outsource your AD but you’re going to replicate it.”

“Maybe you would replicate certain attributes,” he adds. “I see sending certain aspects of the directory to the cloud. Maybe the next-gen AD would involve putting AD in SQL Server, replicating AD to do transformations on it without it affecting your real AD data. You’d have access based on query results and store the results of those queries so you wouldn’t have to run them again.”

Whether or not AD’s future is in the cloud, I’ve heard many in the industry say that it seems Microsoft is throwing stuff out there and seeing what sticks.

What's Active Directory, GPO, and Identity Blog?

Guiding IT professionals on Microsoft Windows AD, GPO, and identity technical challenges by providing expert how-to instructions, tips, and tools.
