Microsoft Clarifies Position on Support for Customers Deploying NDS for NT

ID: Q155451

The information in this article applies to:

Microsoft Windows NT Server version 4.0

SUMMARY

The information in this article is related to the text available on the following Microsoft Web site:

http://www.microsoft.com/ntserver/nts/deployment/planguide/NDS.asp

NOTE: Because the Microsoft Web site is constantly updated, the site address may change without notice. If this occurs, link to the Microsoft home page at the following address:

http://www.microsoft.com/

MORE INFORMATION

Microsoft Clarifies Position on Support for Customers Deploying NDS for NT

Recently, there have been a lot of questions regarding Microsoft's support for its Windows NT Server customers who deploy NDS for NT from Novell. Microsoft is committed to providing support for our customers. Any customer who uses NDS for NT can expect full support for Windows NT Server code from Microsoft. However, NDS for NT replaces an internal piece of the Windows NT Server operating system related to the directory and security portion of the system. Customers who need support for NDS on NT should contact Novell if their problems concern security and directory.

Customers should be aware that deploying NDS for NT could lead to significant implications, including:

Support and reliability: Novell is replacing an internal system DLL (samsrv.dll), this DLL is critical in that it implements a key part of the directory and security infrastructure in Windows NT Server. This DLL is part of the Trusted Computing Base and it was specifically designed to not be replaced except by Microsoft to pass C2/E3 and other security tests. Microsoft has been enhancing the functionality of this module in virtually all Service Packs. For example, Service Pack 3 for Windows NT 4.0 contains changes that are not reflected in Novell's replacement of this DLL. The next Service Pack also updates this file.

NOTE: Previously, Microsoft incorrectly stated that two DLLs were replaced in Windows NT Server by NDS for NT. This was accurate in the beta from Novell, but with the final release of NDS for NT only one DLL is replaced in Windows NT Server.

Upgrading to future releases of Windows NT Server: Because NDS for NT replaces an internal part of the operating system, servers with NDS for NT installed will not upgrade to Windows NT Server 5.0 correctly (e.g., if any new local users have been created). The automatic upgrade to Windows NT Server 5.0 uses internal database information to do the upgrade which is not available once NDS for NT is installed.

While Microsoft understands that Novell is trying to solve a very difficult problem -- easing directory management -- NDS for NT is not an interoperability solution because it doesn't maintain the state of both directory systems. NDS for NT forces customers to replace a critical internal piece of security code on every Windows NT Server operating as a domain controller. It is an NDS-only solution. Customers want interoperability that enables any new client to communicate with any existing server and any existing client to communicate with any new server without replacing any code on the existing systems.

Was there another approach for directory management that could have been used?

If Novell wanted to deliver an interoperability solution that works with what customers already have deployed, Novell could have built a directory synchronization tool using the published Active Directory Service Interfaces (ADSI). ADSI, the industry standard for accessing directory services from any vendor, allows third party developers such as Novell to integrate their solutions into the Windows NT Directory Service. This, too, would have allowed Novell to synchronize the two directory services without replacing Windows NT Server code and then manage both directories from NDS.

This solution would have been better for customers because it would allow both systems to coexist without forcing customers to replace what they already have. In fact, Microsoft's strategy with Windows NT Server 5.0 and Active Directory is to deliver an NDS directory synchronization tool through native support for NDS protocols, a solution that will allow customers to manage their mixed environments from Active Directory. Customers can be assured that this solution will not require them to replace any code on their NetWare servers. And, it will allow them to continue to leverage their investment in NDS.


Keywords          : kb3rdparty NTInterop kbinfo NTSrv 
Version           : WinNT:4.0
Platform          : winnt 
Issue type        : kbinfo

Last Reviewed: January 19, 1999