New Re: AD is NOT NDS..... NOT NOT NOT NOT....
On the surface, you are right, AD seems to be a directory grafted onto a domain. But really, it's more like a domain (as in iwethey.org) endowed with a security schema and user contexts. This is not so different from NDS (how could directories really be very different anyway) and in some ways is better because it maps closely onto the Internet. NDS is a nice abstract directory, but AD really is a decent new idea. I am honestly surprised how many reasonable ideas are in Windows 2000 Server. I think this is mostly due to pressure from UNIX networking. Windows NT 4 really was a disgrace in comparison to UNIX, something that became widely apparent as Linux gained popularity. I didn't think software living in the NT world could ever be anything but shit. I would guess that Cutler was a non-factor in the final form of Windows 2000.

I criticized MS and MS consultants unmercifully because they could never explain how they were going to move large domain models over to directories. The answer turned out to be - people paid more attention to their WANs from 1996-2001, and so LAN Manager domain models, which were already dated in any case, gracefully vanished.

Now that NT 4 is dead, OS/2 can breathe easily as the world's leader in NetBIOS technology.
-drl
New Re: AD is NOT NDS..... NOT NOT NOT NOT....
Well, NDS is not NDS anymore.... it is a Divorced Product from Netware. Although NetWare still comes with it... development is not dependent on new NetWare features to expand.

eDIR runs on about 10 Different *NIX and Windows and NetWare. Now as for your comment about AD being a Domain (as in Domain-Name) well, it is piss poor at that level even. eDIR has SOOO much more extensibility and functionality it is a shame to call AD anything but AD and not a Directory... Try and get AD to play with *NIX at all... how do you do group matching when AD won't even properly export all of the attributes you would need to do group based ACLs in UNIX.

AD, is a good product for the limited (read as small - under 300 client nodes) implementations I have seen it used successfully in. The Dynamic DNS is easily over-driven, it can't keep up with BIND 9.x for changes, can't make SOA changes reliably in the DNS infrastructure when heavily loaded, you can't even remove lists, without BLOWING it away and "refreshing it." Now how about those issues of it trusting nearly any host that says "trust me, I am not here to hurt you!"... Or maybe the ability to overflow the message queue for DDNS on the Windows boxen.

AD, is not a good product when you have a mixed server environment and a Large Windows ONLY client base. Managing anything over ~400 distinct nodes and it bellies... you gotta put in another "Directory ONLY server" handling ONLY Directory write and reads. A biggey at that too... Typically an Intel *NIX box that is a PPro200 with 256MB and a SCSI disk could keep up way past this with Bind 9 and DHCP all running on the same machine... plus doing the horrid Dynamic Updates MS has pushed so hard. DDNS makes really no manageability decrease or hardware reduction.

eDIR, can and is the data store for a couple of Custom e-"anything" systems I had the priv of seeing just recently. Synergy... being one product that can use these kinds of things makes managing W2K TSE and CITRIX servers an absolute dream... it stores all configs in eDIR and the objects related to the server like the SID and PIDs, and the applications on it. Allows you to be able to "dynamically" select local vs network vs ICA or web-served-only. Nal object can now be delivered via traditional, syncd, NFS, HTTP or FTP.

I don't really need to respond to this thread anymore... ;)

greg - Grand-Master Artist in IT,
curley95@attbi.com -- [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!!!]
New Curious question
How well do Samba and AD play?

My limited understanding is "not well". Would love to be wrong, but if that is true then that is a good reason in my books to avoid AD.

Cheers,
Ben
Computer Science is no more about computers than astronomy is about telescopes.
-- Edsger Wybe Dijkstra (1930-2002)
New Re: Curious question
W2K has a compatibility mode, and a native mode (only other W2K servers). In the former, I'd be surprised if things were very different than with NT machines and Samba. However there is clearly an effort to shed LAN Manager baggage in W2K.
-drl
New Re: AD is NOT NDS..... NOT NOT NOT NOT....
Whoopee, a marketing barrage for Netware. Fuck Novell.

"I really don't need to respond to this thread any more."

I actually thought it was informative, but you're above all that I see.
-drl
New Didn't really mean to...
Have you take it that way Ross...

What I was saying was that I could basically devote an entire DAY writing about this stuff...

That is why I said.... no longer respond... as I could/would get carried away with a huge posting that only Methuselah(sp???) would have time to read...

And to Comment on AD and SAMBA not playing together nicely... Well... I have gotten it to become a trusted "domain" to the directory... and have it get all authentication from AD.

It sometimes loses touch with reality... but eventually I kick it and it wakes up... (using SWAT I restart NMB)...

But all said and done... it is better to use one way or the other... less headaches.

There is a fork of SAMBA working heavily on the AD integration aspect of things... haven't checked it out yet... probably won't as there ain't enough time in the day lately...

greg - Grand-Master Artist in IT,
curley95@attbi.com -- [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!!!]
New Re: Didn't really mean to...
Oh, sorry - sounded like you were blowing me off. I know little to nothing about modern Netware and could not care less - Novell being a company that committed pointless suicide when the business NOS issue was still unsettled. For that I don't forgive them. Microsoft owes a lot of its success to the stupidity of Novell.

I can't believe I'm defending Windows, but I am! LDAP is clearly a better match for LAN/WAN directories than X.500. Also, standard protocols are a far more visible issue with W2K than they were with NT 1.4 - er - 4.0. Something must have happened at MS on the NT team for it to improve so much.
-drl