I've been waiting for "The Year of the Directory" for 15 years, basically since "The Year of the LAN," which, if I recall correctly, occurred in 1983, 1984, 1985, and briefly again in 1988. But as I write this in 2003, there are very few enterprise networks that are not running a directory of one sort or another. While I was patiently waiting at the front door, the directory slipped in the back. I must have been napping on the couch.
The Year of the Directory never came, nor will it ever. Just as with TV, fax, LANs, cell phones, and the Internet, we've experienced another sea change in communications and information technology. But no one can point to the time when the change "happened." Ocean tides have a well-defined schedule, but watershed technology changes are more like global warming. "Look, Honey! The waves come right up to the front porch!" The IT industry has simply evolved over time to assimilate yet another new technology, making our ability to communicate and compute more seamless, more pervasive, and more affordable.
And that's sort of the point of directories: to make it possible for us to build larger, more sophisticated networks that don't collapse under the weight of their own complexity. The first commercial NOS with an integrated directory, Banyan's VINES, was a startling success in this regard. At a time when most enterprise IT executives were just dimly aware that workgroup LANs had utterly subverted their minicomputer and mainframe-based strategies, a relatively few prescient CIOs had seen the future, building centrally managed, global PC networks based on Banyan's distributed and replicated directory, StreetTalk.
I loved VINES and StreetTalk because they made it possible to operate distributed enterprise networks with extremely low administrative costs. The VINES NOS provided competent file, print, and communications on industry-standard server hardware. The StreetTalk directory service added secure, distributed naming and authentication across the entire network. VINES also came bundled with a directory-integrated email system that was a model of simplicity and scalability. VINES administrators enjoyed all this with a low level of administrative overhead that we can only appreciate in retrospect. Bringing up a new VINES server running both the directory and email service amounted to loading the OS (27 floppies worth!), configuring the NIC, and giving the server a name. Troubleshooting tools were mostly nonexistent because there were mostly no troubles to shoot. And when there was a problem that we couldn't sort out using the primitive tools we had, waving a dead chicken over the suspect server usually took care of it. StreetTalk made VINES as close to a "set it and forget it" network as the industry has ever seen, which is just what directories are supposed to do.
Banyan's 10-year lead in the enterprise network market evaporated in about 5 years, due to many factors: inept marketing, the introduction of a competitive directory from Novell (NDS, now called eDirectory), and ISV support that could only be described as hostile. Banyan's demise as a NOS company was as ugly as it was inevitable.
The NOS directory market is now left to Novell's eDirectory and Microsoft's Active Directory. eDirectory does well in many situations, but for building enterprise-scale, Windows-based networks, Active Directory's dominance seems inevitable.
Now I'll admit to being a big fan of Microsoft's Active Directory. Active Directory is a wonderfully sophisticated piece of software that performs well, scales up and scales out, and does an outstanding job of integrating computers running earlier Windows operating systems such as Windows NT 4.0 and Windows 98. I doubt that Microsoft has ever produced a piece of software as reliable as Active Directory, particularly in its 1.0 version. I'd be really surprised if there's an enterprise that can't implement Active Directory successfully.
But all that sophistication and performance requires a substantial amount of care and feeding. Running a VINES network was like driving a 60s vintage VW Beetle: push, pull, left, right, and the Bug did pretty much what you expected. Managing an Active Directory enterprise is more like piloting a Lear jet. If you don't know how to use all those knobs and dials properly, you've got a good chance of leaving a smoking crater in the ground.
A competent Active Directory administrator must have at least a passing understanding of a handful of different technologies, including DNS, WINS, Kerberos, LDAP, and the Windows operating system itself. And he must be able to perform more than a hundred different tasks using more than 30 different utilities. Even if you've read the books and taken the classes, becoming a skilled Active Directory administrator requires detailed knowledge of the ins and outs of Active Directory. Although Active Directory simplifies the management of a large network substantially, much of the administrative overhead has simply shifted to Active Directory itself.
That's where the Active Directory Cookbook comes in. Robbie Allen has produced an outstanding reference that spells out how to perform the hundred-plus tasks that an administrator is likely to perform during the Active Directory lifecycle. The Active Directory Cookbook is essentially a book of checklists for the professional Active Directory pilot. Each administrative task includes background information, step-by-step instructions, and references to more detailed information on Microsoft's web site. If you need to do something with Active Directory, Robbie shows you how to do it with a minimum of fuss and bother.
I've known Robbie for several years, both as a first-string speaker for NetPro's Directory Experts Conference and as a frequent contributor to Tony Murray's activedir.org mailing list. Robbie brings a rare combination of skills and knowledge to the table. He has the rare ability to blend an in-depth knowledge of how Active Directory actually works, hands-on understanding of what an administrator needs to do (and not do!) to successfully deploy and run a large Active Directory installation, and a Unix administrator's inbred desire to automate everything with scripts. So not only does Robbie deliver a "how-to" for every Active Directory administrative task you're likely to perform, he shows you how to automate it using a combination of VB Script, Perl, batch files, and command-line utilities.
And that's what really excites me about this book. A catalog of step-by-step instructions for common Active Directory administrative tasks would be useful by itself. But by providing a programmatic solution for most of these tasks, Robbie has laid the groundwork for automating most of your day-to-day Active Directory management tasks. And that brings you a step closer to what you ultimately want: a network with the performance and sophistication of Windows and Active Directory, and the simplicity of administration we haven't had since VINES and StreetTalk. That would be a mighty powerful combination.
Gil Kirkpatrick CTO, NetPro