Administer NT domains easily

Administering Windows NT domains is a hassle, especially if you have multiple domain trust relationships in a corporate environment with many users. Scaling your enterprise management to grow with your user base is difficult. And merging NT domains in the case of a company merger is a nightmare.

FastLane Technologies' DM/Suite solves many domain administration problems. This directory management tool lets you seamlessly manage multiple NT domains, trusts, user accounts, groups, and resources. The product creates virtual domains, which are organizational elements in the software's view of your directory structure. These virtual domains provide tight control over user permissions. DM/Suite also provides domain migration and reconfiguration services that scale to large environments.

Components
DM/Suite has three components: DM/Administrator, DM/Manager, and DM/Reporter. Each tool has a unique set of functions, and the tools work together to provide a cohesive foundation for managing NT domains.

DM/Administrator provides a more granular level of administrative control than NT's native domain management tools offer. This component lets administrators selectively control resources but doesn't subvert NT's native security systems.

DM/Manager lets you migrate and consolidate multiple large NT domains into a sensible system of resources. Administrators who wonder how they'll organize their domains when they upgrade to Windows 2000 (Win2K) will be relieved to know that DM/Manager helps you merge domains and plan a domain structure to condense expansive networks.

DM/Reporter provides statistical data about current or past domain actions that you log to a Microsoft SQL Server or Microsoft Access database and that you can access via ODBC-compliant drivers. This component also reports on the other two components.

To test DM/Suite, I installed the software on a dual 200MHz Pentium II system with 256MB of RAM and Fast SCSI-2 drives. My test server was running NT Server 4.0 with Service Pack 4 (SP4).

Installing DM/Suite is simple and takes only a few minutes. You must install DM/Administrator's proxy service on the PDC or a member server. This requirement is logical because the PDC houses the authoritative security accounts information, and you want the software to use the best possible data. You can install DM/Administrator's server and client interfaces on any workstation or server, and you can install the DM/Manager and DM/Reporter components on any NT workstation or server.

Testing
My test server is on a network segment with a switched 100Mbps fiber-optic Ethernet backbone that sports Cisco Systems 2820 and 2916XL switches. A Cisco Systems 2514 router connects my test server's segment to my network's other segment. I configured the second network segment as purely switched and routed it to the TCP/IP segment with internal DNS and WINS for operations support. I used my corporate NT domain structure, which includes two NT domains, to perform the tests. Unfortunately, I didn't have access to thousands of users to fully test the software's DM/Manager component.

I defined a virtual domain, called Web Customers, for my Web-hosted customers. I wanted to secure granular control over my growing network and give other systems administrators tighter control over certain aspects of network operations.

Before I told DM/Suite which domains to manage, the software checked for existing domains and trust relationships, as Screen 1, page 165, shows. After I added my two domains in the Setup NT Domains dialog box, I created new user accounts within my virtual domain.

DM/Suite excels at domain administration, but your domain must be in good shape to begin with. Before you use the software, you'll want to define global groups within NT domains to accommodate resource growth. When I tested the software, I already had several global groups on my network.

I added three global groups from my main domain to the virtual domain: Domain Admins, Users FTP Group, and Users WWW Group, as Screen 2 shows. When I performed this action, the software slowed a bit. After DM/Suite updated the groups and properties in the cache it uses for domain control, changes to the new virtual domain were fast. The software's improved caching abilities were noticeable even on my small networks.

You can configure DM/Suite to use log files for system logging and snooping. The software monitors the system level for changes, intrusions, and breaches, and it logs cache performance and licensing problems. The product's detailed logging capabilities are useful when you need to examine your systems.

DM/Suite extends security by letting you create custom roles in the virtual domains. You can define these roles down to the action you want to grant users permission to perform.

As I created custom roles, I noticed some options I'd never heard of, such as Copy share, Edit comment on share, and Edit maximum users accessing share. I created a role called FTP Admin that let only users in Users FTP Group edit FTP shares and attributes. DM/Suite provides a degree of granular control not available in NT Server's native tools. Even the Microsoft Windows NT Server 4.0 Resource Kit lacks tools that offer this level of administration.

Finally, I tested DM/Suite on a network client machine running NT Workstation 4.0 with SP4. I edited the virtual domain that I created earlier, and I logged on to both domains to make changes. I encountered no problems making changes to the network structure from the client machine.

Documentation
DM/Suite's documentation comes in three sections that correspond to the software's three components. I used draft manuals for my tests, and the only problem I noticed was the manuals' repeated references to Windows 95 as the client machine, with no references to Win98 or NT Workstation. I found no technical problems with the software's documentation.

The DM/Administrator guide tells you how to administer the virtual domains and includes step-by-step instructions. This document clearly explains procedures and includes useful figures to aid understanding.

The DM/Manager guide explains the functions you can perform within NT domains. The guide includes all the basic instructions you need for domain migration and checking.

The DM/Reporter guide tells you how to report on live and historical data for domain-management status. This document thoroughly explains how to present data in a meaningful manner.

A Winner
DM/Suite's smooth user interface (UI) makes the software simple to manage. In previous versions, you needed to run multiple executables to perform actions, and the product's features lacked fluidity. The current release offers one-stop domain controls for easy management. The software provides useful features that native NT tools lack. I'm anxious to see how FastLane improves the product when Microsoft releases Win2K. Based on the software's current performance, I predict it will be a winner well into the future.

DM/Suite
Contact: FastLane Technologies * 902-421-5353 or 800-947-6752
Web: http://www.fastlanetech.com
Price: Starts at $25 per managed user; discounts are available depending on the total number of licensed seats
By component:
DM/Administrator, $7 per managed user
DM/Manager, $12 per managed user
DM/Reporter, $6 per managed user
System Requirements:
Windows NT Server 4.0 or NT Workstation 4.0 with Service Pack 3 or later; Windows 95 (DM/Administrator), 16MB of RAM, 20MB of hard disk space