DEC was indeed cool. I am not under NDA for it that I
am aware of. In fact I would expect Gil would like to hear people chattering
about the conference as it will drive more people to it. And again, I don't do
many conferences but this one is exceptionally good in terms of anything I have
been to. I heard a lot of chattering along the same lines and that it was
especially considerably better than the big MS conferences that focus on all MS
techs instead of just AD. So instead of AD being one topic of hundreds it is THE
topic. And honestly, this deserves to be THE topic. Why? Because AD is the
cornerstone of your security if you are using it for your
authentication/authorization.
So why specifically was DEC cool?
First and foremost, I met a lot of people in person that I had previously
chatted with in email and newsgroups. That was very nice. Now everyone knows
what I look like and probably wonders how a guy 5' 2" and 105 lbs like me can
be so wicked and opinionated in
email yet not utter a peep in person. Some of the folks I met from this list are
Gil Kirkpatrick, Guido "The Killer UG Pimp", Robbie Allen, Todd Myrick, Hunter
Coleman, Stuart Fuller, Alan Isham and several others. Also got a chance to talk
to and more importantly listen to some of the MS folks such as Stuart Kwan, Paul
Rich, Andreas Luther, Sanjay Tandon, Robert DeLuca, and others. This
face to face chatter is invaluable.
There was one cool session where there were three teams
broken out to solve three AD issues. These were some evil little issues Gil
dreamt up to see if people could work through them. Simple configuration issues
gone bad. I sat and watched Stuart lead a team working on one of the problems.
It was entertaining. I didn't sign up as I didn't think solving a problem would
be that much fun, heck I do that every day at work, why go to a conference and
do it in the evening, especially while drinking... I was wrong however, it ended
up being great fun. Interesting watching different people troubleshoot issues.
The presentations were generally quite informative.
Alan Isham had a great presentation on object lifetimes. This is a topic that
everyone really needs to start paying attention to. A lot of folks are finishing
up the get your ass into AD stage. Now they need to get AD cleaned up. It
brought up for myself and my manager (who was also there) the whole idea of
really having to have a known defined owner for EVERY object in AD and if
we don't know who it is, it is us. This is not what we liked to think previously
but I think we don't really have a choice in the matter because the clutter
mostly impacts us.
The other Intel presentation (by John Dunlop I think -
don't have my DEC cheat book here with me) was about using Virtual Server for
restoring a forest. It was interesting as it was very close to what we have been
looking at and I have previously discussed here on the list. Glad to see someone
else thinking that way which lends credence to our thoughts and direction. They
had an interesting twist for getting all of the DCs at all of the sites back up
and running quickly via spinning up a backup VS DC on every machine and then
slowly going through rebuilding back to the original physical setup. Overall
there was a considerable amount of talk about DR and lag/hot sites and data
restoration. It seems to be a big topic on everyone's mind.
There was a presentation by the US Army which basically
made me glad I wasn't trying to deploy in that environment. I thought my
environment was big and complex and politically charged and underfunded... At
least my people are mostly not carrying weapons.
There was a presentation by Wook Lee from HP (the
Compaq side originally) which I can only say was... well you had to be there.
Let's just say he wore a faux Forest Ranger hat and had Smokey the Bear slides
and Burma Shave jingles. If that doesn't entice you into wanting to see his
presentation, well you are just not alive I guess. :op
I also spoke with Wook Sunday night at the
reception for an hour or so and that was also quite entertaining and
informative. Wook has seen some issues that I wouldn't ever want to see. One of
the side benefits of fully deploying beta and RC code is what I would call it.
Guido had a good presentation on forest trust stuff.
Had a couple of DLG vs UG jabs in there for me which I appreciated. Several
folks recognized them as such as well. It is all in good fun and keeps life
interesting. :op He ended up using a joeware tool (sectok) in one of the slides
to illustrate something so that was good too... push the use of joeware for
effective admining and information discovery. :o)
It was interesting to hear from Andreas concerning the
direction of MIIS. Apparently it is being driven towards being your one stop
provisioning system. Sounds like AutoGroup is going to be completely bundled
into that versus off on its own. AutoGroup, if you are unaware, is the AutoDL
replacement that handled security/dl group memberships with subscriptions and
such. I think it was pretty clear from several people I was talking to that
group management is also on the minds of many people. One point on that that I
found interesting was the idea that several folks seemed to be using 80/20 rules
for assigning group memberships by departments or roles... i.e. if 80%+ of the
folks needed, everyone in that dept or role got it... That flies in the face of
my least privilege mantra I repeat 100 times every night before going to sleep.
I think that may be one of the other issues with Role based security. The first
major one using a one role one group mentality and assigning perms to that group
all over the place versus the resource based security ideology of having one
group for each resource and then assigning people or role groups to the resource
permission groups. I am much more into wanting the nesting than having a group
and wondering where all the places I (or anyone else in the company) assigned
perms to it.
Stuart's information in the keynote and a couple of
points through the conference were especially interesting concerning possible
enhancements in Longhorn Server. I hope to hear more at the Summit in a couple
of weeks. He had a very interesting method of asking for the importance of
various features. He gave a survey with about 20 items and we had to pick out 6
items we considered most important then rate them by assigning $ values to the
item. We had $100 to spend and it had to be spread among the 6 items with no
less than $5 on any one item. I am going to try and list some of the items but
know I don't recall all of them, maybe Gil could post the entire survey and
people could fill it out here on the list and that would give Stuart even more
data on what people are looking for. One interesting point, my manager and I
both filled it out and had entirely different responses. He answered from a
management standpoint and what his perceived pains were and I answered from a
gear head angle and what I thought our pains or future pains were. We had one of
the 6 in alignment but our priorities for that one were entirely different, it
was his highest priority and my lowest.
So some of the items are

1. Caching Domain Controllers - basically a DC that did credential caching for a site. It didn't cache admin password info so it couldn't be compromised and used to gain access back into the forest. I liked this idea and asked that it not just work for a single domain, but any domain in the forest.
2. Multiple domain hosting from a single DC.
3. Ability to stop/start Active Directory on the fly as a normal service.
4. Domain Controllers not being dependent upon NTFRS.
5. Better DR for domain controllers and AD
6. Logging for directory changes in general, not changes on specific DCs.
7. Ability to have multiple password/lockout/complexity policies per domain
8. Role based security built into the product
9. Better Undelete/Undo functionality
10. Increased ease of use for authentication/authorization of non-MS OSs
11. Simple setup WAN site DCs... I.E. Not the normal DC build process, sort of like easy bake DCs.
12. Allowing people to admin hardware/OS without being able to touch AD.

Ok those are the ones I remember and actually they may
be warped so I really hope Gil posts the real list. Also I would hope he posts
the results from the conference as I think that would also be good for everyone
to see.
Again, overall, it was a really good conference. It's
good to get people together talking like that. I had great fun and I can't
recall how many times I heard "Oh, you are THAT joe" which made me generally
ask, is that a good thing or a bad thing? It always seemed to be a good thing
and overall people seemed to indicate that I was helpful to them which made me
happy.
Gil was talking to me about presenting at a future
DEC. I have no clue what I would present, anyone have ideas on things they would
like to hear out of me in that forum? About the only thing I can think of would
be to sit there responding to ActiveDir Org posts in front of everyone and
discuss my thoughts while responding.
My recommendations for future DECs were to have it
someplace warm in the cold months (D.C. was kind of on the cool side), white
boards in conference rooms for ad hoc chat sessions, keep the bars open all
night (at least a cooler with beer) in the conference rooms so people didn't
have to go find other bars and disturb the conversations, keep everything at
a very technical level.
Oh yeah, there was one big huge issue with the DEC... I
didn't see one single rubber chicken.
joe
-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Saturday, March 27, 2004 11:09 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Used to be - Anyone ever convert dnsRecord attribute?
"BTW, if you didn't go to the Directory Experts Conference, you missed a good
time. NetPro did a good job and there were a lot of good discussions. Plus some
of the stuff Stuart was talking about was pretty darn cool."

Firstly, just rub it in..... Secondly, are you under NDA? Cut loose with some
specifics, man!

Rick Kingslan MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
