Microsoft, Novell Clear Paths Between Directories

Network executives overseeing mixed Novell and Microsoft environments are about to get a variety of options for integrating the pair’s respective directories.

The options are being rolled out by Microsoft Corp. and Novell Inc. in anticipation of Microsoft’s delivery of Active Directory, most likely by year-end. Active Directory will enter a market dominated throughout most of the 1990s by Novell Directory Services (NDS).

For its part, Microsoft earlier this month finally introduced a tool that supports bi-directional replication between its forthcoming directory and NDS. Microsoft also has made available Via 2.1, the metadirectory technology it acquired when it bought Zoomit earlier this year. Metadirectories allow enterprise-wide management of user identity data, such as account information, passwords, configurations and access rights, that is stored across directories.

Novell, meanwhile, is testing a beta version of DirXML, a tool that can synchronize NDS and Active Directory. DirXML allows updates made in either directory to be replicated between the two environments.

Novell, however, is missing a product similar to its NDS for NT that would let NDS take over Active Directory and centrally administer NetWare and Windows 2000 networks. NDS could be used to create user accounts, define access rights and oversee password changes for both types of networks. Novell’s NDS for NT intercepts calls for user identification data to the NT Security Account Manager (SAM) and redirects them to NDS. The process allows NDS administrators to bypass NT administration.

Novell plans to come out with a product similar to NDS for NT that supports Active Directory/Windows 2000 networks, but observers say this will be a challenge, given that Active Directory is built right into Windows 2000.

“NDS for NT was an engineering feat in itself,” says Daniel Blum, an analyst with The Burton Group. “It’s a whole lot harder to replace Active Directory than the NT SAM. I don’t think Novell can replace Active Directory, but rather can only augment it with DirXML.”

Novell’s DirXML is a set of connectors to synchronize NDS with other directories, including Active Directory, Lotus Notes and SAP.

Novell understands the complexity of Active Directory and will not initially try to redirect calls away from it, according to Gary Hein, Novell’s corporate strategist. The company this year will ship NDS 8 for NT, which supports Windows 2000. But redirection has been eliminated and replaced with DirXML to integrate with Active Directory. The company plans to preview the technology at the end of this month and may add redirection in the future.

“Redirection is more difficult with Active Directory,” Hein says. “With the SAM, we just had to replace one Data Link Library; with Active Directory, you have to replace a whole subsystem.”

Microsoft is countering with a new bi-directional synchronization tool called Directory Synchronization Services (MSDSS). This technology replaces Microsoft’s DirSynch, which had come under fire because it only allowed for synchronization of Active Directory data to NDS. DirSynch forced NDS users to make Active Directory their focal point for user administration.

“Microsoft was finding that in mixed environments Novell users were saying ‘no thanks’ to DirSynch and using NDS for NT, which has bi-directional capabilities,” says Dave Kearns, an independent analyst and Network World columnist.

MSDSS will be part of Microsoft’s Services for NetWare 5, a collection of network and gateway technologies to link Windows and NetWare. MSDSS is expected to ship when Windows 2000 ships.

“We recognize that customers will make changes to the data in NDS and in Active Directory, and it is important to connect the two,” says Peter Houston, lead product manager for Active Directory.