-I dislike that there is no "easy" undelete (e.g. true "undo"
with all the attribs coming back and all the nasty cross domain group
stuff fixed). 

        -I dislike that there is no official support of AD on VMware
ESX. (Come ON MS, let VMware certify their drivers...)

        -I dislike the multiple different ways that values are
represented in attributes... Some attribs are relatively straightforward
and others are in some type of bitwise format. For example
"lastlogonTime" is represented with a high and low part bit value.  What
is wrong with using stuff that is easily recognized to the scripter like
say a normal date / time stamp??  (See P. 208 of Robbie Allen's AD
Cookbook for this example - four lines of code to display a date/time
plus you have to add the date of 1/1/1601 to it to have it come out
right).

        -I dislike the fact that the forest not the domain is the true
security boundary. 

        -I dislike the fact that the password policy rules are only
configurable on a per domain basis.

        -I dislike the fact that a good chunk of the Terminal Services
user information is a big old binary blob in a single attribute and you
have to have a special .dll (built in on 2k3 servers) to write/read to
it. 

_Stuart Fuller
 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, August 02, 2005 10:25 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Biggest AD Gripes

So what are everyone's biggest AD Gripes? I am not talking about gripes
about things that use AD like GPOs[1] or Exchange or NFS or anything
else like that. I mean actual AD really missed the boat because of this
that or the other thing.

Like 

o I dislike that when you defunct an attribute it doesn't purge the
information in the directory for that attribute.

o The fact that AD Security policy is managed through a technology
dependent on AD and replicates both within AD and the other technology.
 
o I dislike that there is no true schema delete.

o I dislike the fact that I can't specify which branches of the tree
replicate where.

o I dislike the fact that GUIDs are represented in multiple ways in the
directory.

o I dislike the implementation of property sets especially since they
could be so incredibly awesomely cool. Specifically I dislike that an
attribute can only be in a single property set. 

o I dislike creator/owner on SDs.

o I dislike the lack of configurable business rules.

o I dislike the fact that I can't run multiple domains on a single
domain controller. 



Etc etc. I have more but let's see what others say. Everyone pipe up.
Let's pretend that MS will actually see this, let's further say let's
pretend MS AD Developers will see this. What would you tell them if you
were sitting in the room with them?



   joe





[1] I do not consider GPOs to be part of AD. They are a technology that
leverages AD.

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
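
Added example, not part of the original messages and not the AD Cookbook's code: the high/low-part timestamp conversion Stuart describes (100-nanosecond ticks counted from 1/1/1601) and the octet-string GUID form joe mentions, decoded in Python. The function names, the 90-day staleness threshold and the sample values are constructed for illustration; the two halves are assumed to arrive as signed 32-bit integers, as ADSI hands them to scripts.

```python
from datetime import datetime, timedelta, timezone
import uuid

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Largest signed 64-bit value; AD uses it to mean "never" (e.g. accountExpires).
NEVER = 0x7FFFFFFFFFFFFFFF


def from_parts(high, low):
    """Join the HighPart/LowPart halves of a Large Integer attribute."""
    # LowPart is signed 32-bit, so values above 0x7FFFFFFF show up negative.
    # Masking restores the unsigned bits; skipping this is the classic bug.
    return (high << 32) | (low & 0xFFFFFFFF)


def ad_time(ticks):
    """Convert 100-ns ticks since 1601-01-01 UTC to an aware datetime."""
    # 0 means "not set"; NEVER would overflow datetime, so both map to None.
    if ticks in (0, NEVER):
        return None
    if ticks < 0:
        raise ValueError("negative tick count: halves were joined incorrectly")
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)


def guid_from_octets(raw):
    """Render a 16-byte objectGUID value in the familiar dashed string form."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    # The first three fields are stored little-endian, which is why the raw
    # hex and the string form look like two different GUIDs.
    return str(uuid.UUID(bytes_le=raw))


def is_stale(high, low, now, days=90):
    """True if the account never logged on or last did so over `days` ago."""
    when = ad_time(from_parts(high, low))
    return when is None or now - when > timedelta(days=days)


if __name__ == "__main__":
    # Constructed sample: the halves of 0x019DB1DED53E8000 (1970-01-01 UTC),
    # with the low half written the way a signed 32-bit reader reports it.
    high, low = 0x019DB1DE, 0xD53E8000 - 2**32
    print(ad_time(from_parts(high, low)))
    print(guid_from_octets(bytes.fromhex("33221100554477668899aabbccddeeff")))
```
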

