joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

History of Active Directory from someone who made it

by @ 10:33 am on 8/11/2008. Filed under tech

Recently there was a post on AD Org that spawned a discussion on the history of Active Directory. My friend ~Eric who is about as pragmatic as they come (though he can’t seem to get the hang of posting regular blog posts[1]) said well heck if we want the history of AD, let’s all stop guessing about it and loop in the guy who is responsible for a huge portion of it. The Mr. AD himself, Don Hacherl, the guy I think of as being a 9/10 in AD when someone asks me to rate myself in AD technology and I say about a 5/6 while listening to some MCTs and other annoying folks declaring themselves a 9 when they haven’t even ever run a production AD.

Don is extremely intelligent, writes well, and was there with AD from the beginning. When he says something my initial response is always just to say “Oh ok” and accept whatever he says as authoritative and I don’t do that with many people, I often like to debate points. I can’t think of a single thing I have read that he has written that I later changed my mind on and thought he was wrong about. I am sure there must be something somewhere, but I haven’t hit it or at least don’t recall hitting it. I look forward to one day being lucky enough to meet him in person and shake his hand and say thanks for making such a cool product.

But anyway, Don took the time to respond to the AD Org list with his view on the history of AD which is great. Here are snippets of the conversation (not all emails and not all parts of the emails) below for your enjoyment and so we never lose it.

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of John Christie
Sent: Wednesday, August 06, 2008 4:17 PM
To: activedir
Subject: [ActiveDir] History of AD…

My colleague has made the following statements:

* Novell directory services was previously called Novell Active Directory

* Microsoft licensed/purchased a cut down version of Novell Directory Services and then developed it.

As far as I’m aware, Novell eDirectory has only ever been marketed as Novell NDS. He’s not the type to do windups so does anyone have any knowledge which can confirm or deny his claims?

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Gabriele Scolaro
Sent: Wednesday, August 06, 2008 8:21 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

What I heard about AD History is that Jim Allchin who was formerly an architect of the Banyan Vines OS and StreetTalk Directory Service joined Microsoft around 1990 and played a fundamental role in the Cairo project which developed, among many other things, the X500 foundation for Active Directory.

So I may assume AD might come – in a certain way – from StreetTalk, as I was also told that Microsoft closely partnered with Banyan whose engineers played a fundamental role in building some AD parts.

But this is the first time I heard AD comes from NDS!!!

Gabriele

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Tom Kern
Sent: Wednesday, August 06, 2008 8:30 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] History of AD…

AD history=exchange 5.5

This is where ~Eric looped in Don with a BCC… Great job ~Eric; I take back some of the bad things I have said about you in the past.

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Eric Fleischman
Sent: Thursday, August 07, 2008 12:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

Replying to the thread again as there is probably someone that can help tell the tale of how AD started…he can tell it from the perspective of someone who was there….

From me…

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Thursday, August 07, 2008 1:35 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

Oh that gave me a pretty good chuckle.

eDirectory if I recall was released in November 99 which was about the time Windows 2000 went RTM (I recall that being Dec 99 and RC3 was Nov 99, Beta started sometime in 1997).

Having spent hundreds of hours looking around the Windows Source code, specifically the AD Source I can say I have yet to have seen a single Novell reference for anything in any of the core areas of the DS other than maybe a mention in a comment to not futz with something because it could impact Netware.

The closest that can claim parentage over AD would be Exchange and I think even that is a bit of a stretch as from what I have heard, things were substantially changed to make it work properly as a solid generic LDAP directory service.

   joe

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of neil.ruston@barclayswealth.com
Sent: Thursday, August 07, 2008 9:20 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

eDir is the latest version of what was named NDS. NDS hit the streets in 1993, when Netware 4 was released.

Before that, Novell installed a SAM equivalent on each Netware server (called a Bindery), all of which were isolated from each other.

Novell may have re-badged their product when w2k/AD was shipped, but in truth, they had a fully fledged directory product years previous anyway.

I think the last place you’ll find MS ‘acquiring’ code, is from Novell :) [go read the bashing both vendors performed back in 99/00 and you’ll realise there was no love lost!]

neil

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Tomasz Onyszko
Sent: Thursday, August 07, 2008 9:53 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] History of AD…

Beside exchange I wonder if anything from Site Server or parts of MCIS has also influenced AD :). At the end site server delivered LDAP directory.

And finally Don’s response… I have to say when I saw Don Hacherl in the From Column when I looked at my AD Org folder I was like Holy Schnikey!!! I expect I wasn’t the only one who did that and judging from responses from some of the other MVPs both on and offlist I am confident that is true. Don used to post in the newsgroups back years ago. His posts were always quite awesome. I learned a lot from them.

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Don Hacherl
Sent: Thursday, August 07, 2008 10:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

Thanks for tipping me off to this thread, Eric.  I’ll see if I can clear up the pre-history.

The oldest traceable part of AD started life at 3Com in 1988 or 1989.  This was an (incomplete!) X.500-ish directory with custom communication protocols, built on top of a C-Tree database, running under 16-bit OS/2.  By 1990 3Com had abandoned its network software efforts and the directory code moved to Microsoft as part of some complicated deal.  The LanMan group planned to include the directory service in LanMan 3.0 and immediately started porting it to the JET Blue ISAM and building an RPC front end compliant with the X/Open XDS API.

At this point (in early 1991) Jim Allchin, who had recently taken over the LanMan group, cancelled LanMan 3.0 and scrapped its directory service project.  In its place he created the Cairo project, which included a completely non-X.500 like directory service that lived as part of OFS, the Cairo file system.

The email group at Microsoft picked up two pieces out of the wreckage of LanMan 3.0: the DS and an X.400 MTA.  We (this is when I became dev lead of the DS) ported the DS to Windows NT, finished the JET and XDS work, and added a MAPI RPC interface, a query engine, the KCC, a modifiable schema, the link table, and much, much more.  This version of the DSA (plus the MTA and a custom message store) shipped in Exchange 4.0 in 1996.  By this point there’s very little of the original code left, although some elderly data structures live on, at least in name.

Around late 1995 Cairo, and its attendant directory service, were cancelled.  This left the OS team with an urgent need for a DS (for Windows 2000) but no plans to build one.  To fill the hole, the week after Exchange 4.0 shipped two of us from the Exchange DS dev team made a copy of the DS sources and moved to the Windows group, where we got re-christened Active Directory, and the rest is history.

In summary:

  • AD has no relation to Novell NDS/eDirectory.  Novell was a competitor (the competitor), not a licensee/licensor.
  • AD has no relation to Banyan StreetTalk.  Although both Jim Allchin and one member of the AD dev team were former Banyan employees, there was no license or co-work between Microsoft and Banyan.
  • AD has no relation to Cairo, except the relation that mammals have to dinosaurs.
  • AD did not inherit code or functionality from Site Server or MCIS.  It did inherit their customers.
  • AD is a direct descendant of the DSA in Exchange 4.0  (Note that LDAP support got added separately to the two branches of the directory in Exchange 5.something and Windows 2000.  Anything that important is clearly worth doing twice.)

Don

Then the followups begin…

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of AFidel@ddrc.com
Sent: Thursday, August 07, 2008 10:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

Was there code sharing between the Exchange 5.x and AD LDAP layers, or were the two efforts silo’d?
Thanks,
Andrew

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Don Hacherl
Sent: Thursday, August 07, 2008 12:43 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

The two LDAP efforts were mostly separate.  Exchange went first and AD followed.  As I recall we didn’t borrow any code, but we did borrow one of the developers for a month or two.  That let us benefit from their experience without code porting difficulties.  (The addition of per-attribute access controls in AD made lots of AD code diverge from the Exchange DS very rapidly.)

Don

Some info more on Exchange than AD, written by a bunch of Hewlett-Packard guys…

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Tony Murray
Sent: Thursday, August 07, 2008 1:32 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

Yeah, not the full story perhaps, but a lot of the history is here:

http://windowsitpro.com/Common/adforceimages/Decade_of_exchange.pdf

Tony

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Gabriele Scolaro
Sent: Thursday, August 07, 2008 5:19 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

Great stuff! What a fascinating thread!

Before reading Don’s piece, I was trying to google-find some more historical details about AD, but did not find any really interesting and when compared to Don’s they appear misleading.

1) Dead-End Road to Cairo (http://business2-cnet.com.com/2009-1017-857509.html)

“October 1998: Microsoft says it will rename Windows NT 5.0 to be called Windows 2000. The operating system will include Active Directory, technology originally slated for Cairo”.

2) Banyan VINES (http://en.wikipedia.org/wiki/Banyan_VINES, as the header tells it requires improvement)

“…Banyan was sharing their technological advantages with a much larger competitor. Using that information, Microsoft soon began work on its own implementation of a directory services model to be called Active Directory and rolled out with its OS 5.0, Windows 2000. Even while hiring away James Allchin, known as the “Father of StreetTalk,” Microsoft ran into technical difficulties, particularly in world-wide synchronization of Active Directory across time zones. Not afraid to use outside expertise, Microsoft actually partnered with Banyan in one of Banyan’s last strategic and, many would argue, ultimately fatal partnerships, as Banyan sent a team of its most experienced StreetTalk engineers to Redmond to “fix Active Directory.

3) Cairo (http://en.wikipedia.org/wiki/Cairo_(operating_system))

Although Cairo never emerged as a shipping product, its main features were shipped as parts of other Microsoft operating systems…… DCE/RPC shipped in Windows NT 3.1. X.500 shipped as part of Active Directory in Windows 2000.

Don, I think that it would be greatly valuable for the entire DS community if you gave your contribution by correcting the misleading infos at Wikipedia (e.g. clarifying the Cairo or StreetTalk supposed dependency).

Finally I think that an “AD History” piece would be a must-have among ActiveDir.org articles, what do you think Tony? 😉

Thank you very much – Gabriele.

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Don Hacherl
Sent: Friday, August 08, 2008 12:40 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

I fixed the Cairo page.  The Vines article really requires a major chunk to be thrown out, even to achieve Wikipedia’s “neutral point of view” standard.  I’ll see what I can do.

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Don Hacherl
Sent: Friday, August 08, 2008 12:41 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] History of AD…

I fixed the two Wikipedia articles.

The CNet article is really just the standard corporate marketing form of historical revisionism that I used to complain about but long ago learned to tune out.  I can almost hear a marketeer telling me “We always intended to include directory services in Cairo.  ‘Active Directory’ is the marketing label we put on a directory service technology as we brought it to market.  Therefore, had we brought Cairo to market it would have contained directory service technology that would have been labelled ‘Active Directory’.  The fact that the underlying technology of ‘Active Directory’ in that hypothetical Cairo universe is different than the underlying technology of ‘Active Directory’ in this universe is interesting, but fundamentally unimportant, and drawing fine distinctions like that would just muddy the message we’re trying to get through to customers.”  Then I’d roll my eyes and go back to my office, thankful that I was in development.

Don

 

Hope some of you find that interesting. 🙂

 

   joe

 

 

[1] I think he is mad at me still for telling him to buy a lawn mower for his house a few years ago indicating that it was fun to mow your lawn as a homeowner. For me it is; for ~Eric, it has been less so. If you live in Redmond and you run into him, be sure to ask him about his lawn mowing adventures as he is happy to regale you with those stories along with the person who has caused him so much pain and misery regarding it. I have one thing to say… His wife told him to hire a lawn service… I told him to buy a lawn mower. He listened to me… He absolutely hates mowing… Is that karma or what? 🙂


One Response to “History of Active Directory from someone who made it”

  1. Mike Kline says:

    That was a great thread, surprising how one simple question about a coworker making statements about AD and Novell led to one of the most memorable posts.

    I don’t know Don but when I saw you, Guido, and others come out and praise him I knew he was legit and this blog entry affirms that.

    I rate myself a -2 based on your 6 rating 🙂
