Interesting question - and as to the 'implode point' for ESE/Jet Blue, Brettsh can answer that one. I'm pretty sure that we have a good idea on where the point of diminishing returns is, but it likely FAR exceeds what anyone might practically do today - even with added classes and attributes.
As for why ESE - it works, it is self maintaining to a great degree, there is very little overhead in the DB, and it is quite optimized to the type of work that is required for AD. Brettsh can certainly add more. I am one for preaching more svelte attitudes on your AD. As joe mentions - it's for authN purposes first and foremost. It CAN handle DNS, it does GPO (though - truth be told the majority of GPO function is but a link to an attribute, while the actual GPO pieces reside in SYSVOL, so not much AD - lots of FRS), etc. App Parts make sense in some arenas where the amount of data is going to be very small and contained to just a few areas. I, too, like joe advocate ADAM. I try to sell ADAM constantly as THE solution for most anything that doesn't have to do with authN. Customer AppDev wants to stuff new things into AD constantly. Partly, they don't know the down sides. Partly, they think they have to learn something new. Partly, they don't really care if YOUR AD is affected by their decisions, as long as they deliver the solution in the timeframe specified. So, it's up to you, Mr. Admin and Mr. Architect to tell whoever wants to use your AD, no - we don't do it that way because it's very bad. We will use ADAM. Get used to it. Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mylo Sent: Friday, October 07, 2005 8:04 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Adding custom fields to AD That's a good point about plonking stuff in AD.... a case of once a good thing comes along everyone wants to climb aboard. I remember doing ZENworks stuff with Novell where all the application configuration information for software distribution was shunted into NDS/E-Directory... all that bloat adds up replication-wise (still, at least there was partitioning). One thing I am curious about though is why MS opted for JET as the DB of choice for AD.. was it the only viable option at the time ? What's the ceiling on actual database size before it caves in (performance-wise)? Mylo joe wrote: >I am going to basically say what the other said only I am going to put >it this way > >IF the data needs to be available at all locations or a majority of >locations where your domain controllers are located, consider adding >the data to AD. > >IF the data is going to be needed only at a couple of sites or a single >site, put them into another store. My preference being AD/AM unless you >need to do some complicated joins or queries of the data that LDAP >doesn't support. > >There is also the possibility of using app partitions but if you were >going to go that far, just use AD/AM. > >The thing I have about sticking this data into AD is that AD is >becoming, in many companies, a dumping ground of all the crap that was >in all the other directories in the company. I realize this was the >initial view from MS on how this should work but I worked in a large >company and thought that was silly even then. > >The number one most important thing for AD is to authenticate Windows users. >Every time you dump more crap into AD you are working towards impacting >that capability or the capability to quickly restore or the ability to >quickly add more DCs. The more I see the one stop everything loaded >into ADs the more I think that the NOS directory should be NOS only. >Plus, I wonder how long before we hit some interesting object size >limits. I have asked for details from some MS folks a couple of times >on the issues with admin limit exceeded errors that you get when >overpopulating a normal multivalue attribute (i.e. not linked) and it >causing no other attributes to be added to the object. I wonder what other limits like that exist. > > > > joe > > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff >Sent: Tuesday, August 09, 2005 12:16 PM >To: ActiveDir@mail.activedir.org >Subject: [ActiveDir] Adding custom fields to AD > >Group, > >My manager wanted me to check, even though, I don't think that it is >possible, but, I will present the question. > >He would like to add some custom fields, about 30, to AD. He would >like to add bio information into AD to be pulled by Sharepoint and >other applications for people to read. I think that this is a waste of >time, space and effort. However, it is not my call and if this is what he wants.... > >What are everyone's thoughts on the topic? > >Thanks >S >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > >List info : http://www.activedir.org/List.aspx >List FAQ : http://www.activedir.org/ListFAQ.aspx >List archive: >http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/