Women in Technology

Hear us Roar



Article:
  Unfinished Business Part 2: Closing the Circle
Subject:   Boy - still wrong
Date:   2003-07-12 10:39:16
From:   anonymous2
"Several people took me to task for failing to give credit to Novell's NDS package which, to be fair, is the granddaddy of modern commercial enterprise directory services."


Actually, that would be Banyan Vines - I see you are still not doing any research.


I also take issue with your reference to eDirectory (NDS isn't made anymore) being called "granddaddy" - it's a poor attempt to insult a mature and stable directory service.


Now, some downers regarding AD:


1) need to do some repairs on AD? Drop your server and reboot into a special repair mode. Of course, this kicks the users off the server and shuts down all the services.


Need to do the same thing in eDirectory? Run DSREPAIR while the server and services are still running and the users are logged in.


2) AD is NOT a directory service. Why?


a) security is not designated at the container (.O or .OU) level. You still need to use Groups (ala Domains) to delegate rights.


b) file/folder permissions are not stored in the directory but at the server itself.


c) you still cannot have duplicate user objects in the hierarchy. Proof:


i) create a single domain tree
ii) create an organization (.O=ACME)
iii) create two organizational units (.OU=Marketing, .OU=Sales)
iv) create a JDOE account under Marketing


now attempt to create a JDOE account under Sales.


you will find you cannot do it. Why? Because the Domain "tree" is still a flat file database.


even though .JDoe.Marketing.ACME and .JDoe.Sales.ACME should be completely unique objects with completely unique names (as their fully distinguished names indicate) - Microsoft AD prevents their creation.


Which means the only way around this limitation is to create multiple Domain Trees in the Domain Forest.


Correct me if I am wrong, but I believe you can have only one replica of a Domain Tree per server - this would force the installation of multiple Windows servers to provide adequate replication. Not an easy or cheap task for small/medium businesses.


AD also requires more resources. An eDirectory database with x number of users could eat up 9MB of disk space. That same AD database with the exact same number of users eats up 90MB of disk space. That means more data, more data to replicate, fatter data pipes to allow replication.


Then you have the whole Microsoft/security issues they've never been able to squash. I especially love the AD vulnerability that allowed regular users to give themselves Admin rights or change the Admin password...


nifty that AD. Just nifty.


Now you understand why it's an eDirectory world, and always will be.


  • Boy - still wrong
    2003-07-22 17:17:24  anonymous2

    "c) you still cannot have duplicate user objects in the hierarchy. Proof:"

    Just be glad AD isn't a national phonebook! Or even a company phonebook.

    Or a small company.

    Or a phonebook for a sole proprietorship!

    Hah! See, it works!

    :-P