I don't see it as "stupid MS bashing". It's like when the McCain camp hears someone asking a critical question of their VP pick, they scream "stop being sexist", no matter if the question was about taxation or something. So it goes with critical comments that someone doesn't like, they call it "bashing." I have repeatedly seen serious and fundamental flaws in the design of Microsoft's software, and I choose to point them out vividly. It is completely fine if you want to call that MS bashing.
Dante Lanznaster wrote:

> You can authenticate against AD from anything that supports LDAP.
> Beginning with 2000 Server, Active Directory is fully compliant with
> LDAPv3

Active Directory is fully compliant with the parts of LDAPv3 as far as Microsoft wants it to be. Of course Authentication is included. Here's one that isn't. LDAPv3 by definition provides a mechanism for you to change your password attribute over an LDAP modification request. Using AD? BZzztt! You CAN NOT change your password over Microsoft's LDAP implementation in AD. You ARE required to use the ADSI protocol to change your password, and as far as I know, there's no good implementation of ADSI that doesn't require me to be logged in to a Windows operating system and press CTRL+ALT+DEL and then click on "Change Password" (or use the AD Administrator interface).

If you want to use AD and roll out a solution where users on Linux workstations can change their password - you're screwed, the user cannot change their password with an LDAP command. Or you have to roll out a hack solution like putting up a Windows-based web server which can run ASP code to call the appropriate ADSI API commands to do the change. Microsoft knows that if they were to implement the same amount of LDAPv3 as other vendors, then they couldn't lock your users in to having to use a Windows workstation for that user to change its own password. This is huge in enterprise environments, such as universities, where students have accounts (and at LLU someone was actually paid at a telephone helpdesk largely to assist with the changing of student password info) because many students have Macs or other non-Windows clients - and do not use a workstation on a domain.

> The rules limit is NOT 12. The limit is 32Kb, which btw the reason for
> that is because it had to fit in one RPC. Not only that, but in
> Exchange 2007 you can tune the rule size to how much you want. No
> comments on the storage. Also a lot of people like to bash the storage
> maximum size of Exchange 2003 without even knowing the right numbers.

Well, it is 32Kb, that is fine. I had users which had 100s of rules for sorting mail into folders and screening out certain subjects and forwarding them to external accounts, etc. When I evaluated Exchange 2003, this couldn't be done in the Exchange server. There was simply no way to increase the size of the ruleset (past 32Kb you say). If the ruleset was text like a procmail rc file, maybe you could accomplish something useful, but with them being in a PROPRIETARY binary format, you might publish two or three rules and use up 1/3 of your 32Kb, and how would you know? In a large enterprise, such as LLU or where I work now, people rely on the ability to customize their mail sorting and routing rules, and the Exchange server was a huge limitation in this area compared to other more enterprise solutions. My users with their large rules all ended up running them in Outlook itself, which is in my mind, not an ideal solution.

I'll point out that even though there are nice highly-performant mail processing engines available for an open source mail solution, there isn't an integration point to the client. So, if the client is web-based mail, or is something like Thunderbird, there is no way to "publish" any procmail-like rules from that client to the server, so there is a pretty weak point on the server-side processing if you are using something like procmail - you have to expose the rules file to a user mountable share or more likely provide a web interface, and those are hacks.

> With both sides there are good admins and bad admins. Please don't
> bash the system.

Fair enough. I won't comment on how I've never met an Exchange administrator who understood what MIME was. The reason I pick on the system is because it is marketed (to CIOs) that it doesn't require anyone to have any specific skills to administer it.
LLU eventually went the way of Exchange based on the urging of a guy who complained loudly that "editing text files" on the e-mail server was "too likely to cause problems". Yes, this guy who couldn't use an editor like joe or pico to change something like the hostname or domainname of a server was the Administrator. So, yeah, I won't say if he is a good or bad admin. The system sucks because it is geared for people with a skill level like his to install it - but good luck hoping this guy could repair a mailbox file if it got corrupted.

> > Yes, if you really manage directory services for a large organization -
> > you'll see that true LDAP directories and multi-OS support wins
> > out over "ease of install but hard to fix later" Exchange.
>
> Hard to fix what?

Here's an example. You set up an AD tree, and create some organizational branches, and then decide to pull a set of resources out of one branch and put it into another. Oh, I'm sorry - there's no pruning and grafting in the AD tree. The problem with enterprise servers managed by GUIs and wizards is that if the designer of the Administration interface didn't design it to work with your particular need, the fancy GUI probably doesn't provide a way to do the task. Oh yeah, pruning and grafting aren't supported over what Microsoft calls its "LDAP" interface either. When you end up having to _remove_ and _recreate_ all the users you just wanted to move - it starts to show how much easier it is to work with a real LDAP server. It is a single request in real LDAP to move an entity from one branch to another. (Note I see in Google now that I can buy a 3rd-party solution that provides pruning & grafting for AD. Seems like it should still be a free and core function, not another thing to buy.)

> What pisses me off is the constant MS bashing without really knowing
> the facts. They do have some bad stuff, like IIS for example, but some
> of their stuff works incredibly well, and it takes skill to be a good
> admin, like anything else.

What pisses me off is the constant parade of Microsoft technology being labelled as "enterprise". This is true only if your enterprise is based on Microsoft - if you use mixed operating systems (a very real part of being 'enterprise') well then Microsoft solutions aren't so "enterprise" anymore. It's a very proprietary closed system, it is extremely difficult to integrate with other systems, and it requires a complete buy-in to the Microsoft way if you want it to work. Doesn't sound very enterprise to me.
