Excellent news Jackson. I have to admit, I knew you were on the list so I tossed that one up in the air for you. I was hoping you would spike it and happy that you indeed do so.
Please keep my MOM story to heart as well. You want to make it so SQL for IIFP/MIIS is just like the file system, it just sort of works. If you require a DBA for it, it is still going to be a problem. Also really look at ODBC capability unless the SQL Requirement gets buried so deep you don't even have to know that SQL Server is running and it can all be on one box. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jackson Shaw Sent: Monday, November 15, 2004 1:40 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD & OpenLDAP Two comments on this since I "own" this product at Microsoft: SP1 for the IIFP (and MIIS) is due out at the end of this month. We have changed the SQL requirements so that a customer can use SQL Enterprise or SQL Standard. With SP1 we have started to bundle other components into our base product. However, not SQL with SP1. It is my intent though, to include SQL with both the IIFP & MIIS Enterprise Edition in the next major release. So the key takeaway I'd like to leave with you is this: We hear you and have taken the first step in a plan to make this happen. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, November 15, 2004 9:11 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD & OpenLDAP Note that while IIFP is "free", it does require SQL Server 2000 Enterprise Edition for production use which is decidely NOT free. It also requires an Enterprise Windows Server 2003 license and install. This was something that was pointed out to MS last April at the MVP summit as being a high barrier to implementation. The fact that you had to pay for SQL Server and that you had to use SQL at all instead of just being able to ODBC into whatever your corporate Database standard solution is. Honestly, the Database should be integrated into the product in such a way that there is no additional cost to the free product and there is no additional overhead to maintain it. The idea behind IIFP it seemed to me to help enable a company to use MS tech. They said it was free to make it even more enticing, however I think having to pay for and learn SQL defeats it. I know of an MCS friend who has had to go back to a company three times now because the MOM implementation blew up because of backend Database failures because the people didn't know how to manage SQL 2000 and didn't seem to be willing to invest in learning the product. They bought a monitoring solution and wanted to learn monitoring stuff, they didn't want to have to become DBA's. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Schofield Sent: Friday, November 05, 2004 5:02 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] AD & OpenLDAP There are two versions of MIIS - Paid version and a free add-on -Identity Integration Feature Pack for Microsoft Windows Server Active Directory http://www.microsoft.com/downloads/details.aspx?FamilyID=d9143610-c04d-4 1c4- b7ea-6f56819769d5&DisplayLang=en steve ----- Original Message ----- From: "Salandra, Justin A." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 04, 2004 12:59 PM Subject: RE: [ActiveDir] AD & OpenLDAP Does MIIS stand for Microsoft Internet Information Services? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, November 04, 2004 10:52 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD & OpenLDAP AD is quick, painless and mostly maintenance free. That's easy. Think of it as an app that comes with it's own directory just like so many others :) Sounds like you want the account lifecycles to be authoritative in another system and just have them flow down to AD. If that's the case, they MIIS might be your ticket. It could also be that you want to have a look at the current metadirectory systems you have (for lack of a better name even if they're homegrown) to see if they can do what you want. For more reading on the product and how to plan, deploy, and run it have a look at the website: http://www.microsoft.com/ad Note that AD relies heavily on DNS which is the usual biggest fight for deployment. Best bet is to delegate a sub zone for AD usage and get the workstations to use a AD DNS and forwarders to other DNS systems if your environment is similar to ones I've seen before. That allows your AD infrastructure to be self-contained and mostly integrated with the other systems in the landscape. Over time somebody is bound to realize that the AD is the more important of the systems as it contains and controls the desktops which are the only access points of "gates" to the back room infrastructure. Helps to have it in place and working first though :) Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Romeyn Prescott Sent: Thursday, November 04, 2004 10:08 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD & OpenLDAP I want the users of the PCs I manage to authenticate against AD so I can use Group Policies to manage (or micromanage) their permissions on the computer based either on A) who they are and/or B) which computer it is. Not having had a Windows server newer than NT4 to play/experiment with before now, I'm only going based on what I've read and seen others talk about on other lists. We run SCT Banner on a VAX. That is where all student data gets initially entered. Changes to that data are frequently sent to another of our systems, and that userbase is mirrored to various of our other systems and services. I sense I'm going to have a battle on my hands getting AD even turned ON in this environment. So if it can be "quick, painless, and maintenance-free" that'd be a huge selling point for me. :-) ...ROMeyn At 9:22 AM -0500 11/4/04, Mulnick, Al scribbled: >Out of curiosity, why would you want Active Directory to not be "the" >source or user accounts and then want to sync with openldap? Can you >describe the goals a little more and why you're wanting to put Active >Directory into your environment in the first place? What planning have you already done? > >Al > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko >Sent: Thursday, November 04, 2004 9:17 AM >To: [EMAIL PROTECTED] >Subject: Re: [ActiveDir] AD & OpenLDAP > >On Thu, 4 Nov 2004 09:11:57 -0500, Romeyn Prescott wrote > >> 1) Does Active Directory come with Server 2003, or is it some sort >> of "add-on" which must be purchased separately. (Microsoft's web >> site seems, in at least one location, to indicate that it comes with >> it, but I just want to be sure.) > >It is built-in feature of Windows Server - You are establishing server >as domain controller by running dcpromo.exe on the server > >> 2) We have a relatively new OpenLDAP server (also running on Linux) >> which also mirrors our account base. Given that we do NOT want the >> Windows 2003 server to be "the" source for our user accounts, is it >> possible to tell it to synchronize with an OpenLDAP server? Is such >> a task "trivial," "complicated," or "impossible?" > >Depending on the approach: >- You can write some scripts which will "monitor" OpenLDAP and will >create users in AD >- You can use products like for example MIIS 2003 to synchronize >OpenLDAP and AD database. > >There can be more choices in this topic. > >-- >Tomasz Onyszko - [EMAIL PROTECTED] >http://www.w2k.pl > >List info : http://www.activedir.org/mail_list.htm >List FAQ : http://www.activedir.org/list_faq.htm >List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ >List info : http://www.activedir.org/mail_list.htm >List FAQ : http://www.activedir.org/list_faq.htm >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ -- signat-url: http://www2.potsdam.edu/prescor/signat-url.htm List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
