|Administering Windows NT
domains is a hassle, especially if you have multiple domains trust relationships in a
corporate environment with many users. Scaling your enterprise management to grow with
your user base is difficult. And merging NT domains in the case of a company merger is a
FastLane Technologies DM/Suite solves many domain administration problems. This
directory management tool lets you seamlessly manage multiple NT domains, trusts, user
accounts, groups and resources. The product creates virtual domains, which are
organisational elements in the softwares view of your directory structure. These
virtual domains provide tight control over user permissions. DM/Suite also provides domain
migration and reconfiguration services that scale to large environments.
DM/Suite has three components: DM/Administrator, DM/Manager and DM/Reporter. Each tool has
a unique set of functions and the tools work together to provide a cohesive foundation for
managing NT domains. DM/Administrator provides a more granular level of administrative
control than NTs native domain management tools offer. This component lets
administrators selectively control resources but doesnt subvert NTs native
DM/Manager lets you migrate and consolidate multiple large NT domains into a sensible
system of resources. Administrators who wonder how they will organise their domains when
they upgrade to Windows 2000 (Win2k) will be relieved to know that DM/Manager helps you
merge domains and plan a domain structure to condense expansive networks. DM/Reporter
provides statistical data about current or past domain actions that you log to a Microsoft
SQL Server or Microsoft Access database and that you can access via ODBC-compliant
drivers. This component also reports on the other two components.
To test DM/Suite, I installed the software on a dual 200MHz Pentium II system with 256MB
of RAM and Fast SCSI-2 drives. My test server was running NT Server 4.0 with Service Pack
4 (SP4). Installing DM/Suite is simple and takes only a few minutes. You must install
DM/Administrators proxy service on the PC or a member server. This requirement is
logical because the PDC houses the authoritative security accounts information, and you
want the software to use the best possible data. You can install DM/Administrators
server and client interfaces on any workstation or server, and you can install the
DM/Manager and DM/Reporter components on any NT workstation or server.
My test server is on a network segment with a switched 100Mbps fibre optic Ethernet
backbone that sports Cisco Systems 2820 and 2916XL switches. A Cisco System 2514 router
connects my test servers segment to my networks other segment. I configured
the second network segment as purely switched and routed it to the TCP/IP segment with
internal DNS and WINS for operations support. I used my corporate NT domain structure,
which includes two NT domains to perform the tests. Unfortunately I didnt have
access to thousands of users to fully test the softwares DM/Manager component.
I defined a virtual domain, called Web Customers for my Web-hosted customers. I wanted to
secure granular control over my growing network and give other system administrators
tighter control over certain aspects of network operations. Before I told DM/Suite which
domains to manage, the software checked for existing domains and trust relationships, as
screen 1 shows. After adding my two domains in the Setup NT Domains dialog box I created
new user accounts with my virtual domain.
DM/Suite excels at domain administration, but your domain must be in good shape to begin
with. Before you use the software youll want to define global groups with NT domains
to accommodate resource growth. When I tested the software I already had several global
groups on my network. I added three global groups from my main domain to the virtual
domain: Domain Admins, Users FTP Group and Users WWW Group as shown in screen 2. When I
performed the action the software slowed down a bit. After DM/Suite updated the groups and
properties in the cache it uses for domain control, changes to the new virtual domain were
fast. The softwares improved caching abilities were noticeable even on my small
You can configure DM/Suite to use log files for system logging and monitoring activities.
The software monitors the system level for changes, intrusions and breaches; it logs the
cache performance and licensing problems. The products detailed logging capabilities
are useful when you need to examine your systems. DM/Suite extends security by allowing
you to create custom roles in the virtual domains. You can define these roles down to the
action you want to grant users permission to perform.
As I created custom roles I noticed some options Id never heard of, such as Copy
share, Edit comment on share and Edit maximum users accessing share. I created a role
called FTP Admin that allowed only users in Users FTP Group edit FTP shares and
attributes. DM/Suite provides a degree of granular control not available in NT
Servers native tools. Even the Microsoft Windows NT Server 4.0 Resource Kit lacks
tools that offer this level of administration. Finally, I tested DM/Suite on a network
client machine running NT Workstation 4.0 SP4. I edited the virtual domain that I created
earlier and I logged on to both domains to make changes. I encountered no problems making
changes to network structure from the client machine.
DM/Suites documentation comes in three sections that correspond to the
softwares three components. I used draft manuals for my tests, and the only problem
I encountered was the manuals repeated references to Windows 95 as the client
machine, with no references to Win98 or NT Workstation. I found no technical problems with
the softwares documentation.
The DM/Administrator guide tells you how to administer the virtual domains and includes
step-by-step instructions. This document clearly explains procedures and includes useful
figures to aid understanding. The DM/Manager guide explains the functions you can perform
within NT domains. The guide includes all basic instructions you need for domain migration
and checking. The DM/Reporter guide tells you how to report on live and historical data
for domain-management status. This document thoroughly explains how to present data in a
DM/Suites smooth user interface makes the software simple to manage. In previous
versions, you need to run multiple executables to perform actions, and the products
features lacked fluidity. The current release offers one-stop domain controls for easy management. The software
provides useful features that native NT tools lack. Im anxious to see how FastLane
improves the product when Microsoft releases Win2K. Based on the softwares current
performance I predict it will be a winner well into the future.