January 12th, 2004, 09:01 PM
M$ Active Directory
I currently have a 350-node network running a mix of operating systems: NetWare (rules, by the way), SCO, NT 4.0 and Red Hat. My mail servers are Exchange 5.5, which I would like to get rid of altogether and go back to GroupWise if I could, but the IT staff here is already familiar with Exchange and I don't want to change that on them.
I need to go Active Directory before I upgrade Exchange (from my understanding that's the best way to do it) and would like to anyway, but I'm being asked by the powers above what advantages, both from the business side and technical side, we will gain by going to AD and Exchange 2003. I went out to Micro$oft's site and got a lot of marketing BS, but what I need is the real scoop from those of you who have done it.
So my question to the techies is: what are the business and technical advantages to migrating to AD and Exchange 2003?
I really appreciate your input.
If at first you don't succeed, f**k it try something else.
January 13th, 2004, 03:33 AM
Exchange 5.5 was End of Life on December 31, 2003.
That looks to me like a good business reason to upgrade.
It looks like the first year of extended support (pay-per-incident and security hotfix support) was made free, but at the end of 2004 you will need to pay lots of monaaaay to get support/fixes for Exchange 5.5. Then, at the end of 2005, the support will go away entirely.
So, it is time for the organizations still running Exchange 5.5 to seriously consider their options, choose one, and then begin to implement it. An unsupported mail server (from Microsoft, or anybody, no patches == BAD) is a disaster waiting to happen. If my company were in this position right now, just that argument alone, with sinister hints about the fate of corporate mail, would be enough of a business reason. What is the cost of a compromised mail server because the developers stopped releasing updates?
Now, as far as Active Directory goes, if the decision is made to upgrade to Exchange 2003, you are going to need to upgrade to Active Directory as well (as you said, and that is what I understand as well). Probably Windows 2003 Server Active Directory.
I really can't comment on Active Directory/NT 4 Domain.
Some comments about Active Directory, though, which are particularly relevant in your situation:
Active Directory includes LDAP. This sounds like a good thing for interoperability between different OS's, but it isn't that easy. Microsoft made their own schema, and even to use LDAP to authenticate other OS's (except Mac OSX 10.3, and only that one as far as I know) you need to modify the schema of Active Directory to make it conform more to the LDAP standard. This is a bit of a nerve-racking process, at least it was; there may be something which does it for you now, maybe MS Services for Unix, I don't know.
Active Directory includes Kerberos. This also sounds like a good thing for interoperability, but it isn't that easy. Microsoft modified Kerberos to their own standard (I forgot what they changed; it is kind of slick, except that it makes interoperability a bit difficult). I believe it is possible to use Kerberos for authentication between nix and Active Directory, but I am not positive.
If you are using NDS as your main authentication scheme now, maybe the above doesn't matter. There are tools to synchronize NDS with Active Directory. And perhaps your nix boxen can talk better with NDS LDAP than Active Directory LDAP.