If you spend time battling against Microsoft Active Directory (MAD), I may have some good news for you. A forthcoming update to Windows Server will include a visualisation tool to make your life easier.
People who use MAD often complain that they can’t tell who can access their resources. This arises partly because each object, such as a user or computer, can be in only one domain. While this might suit some firms, others say the business world is more complex than this. For example, consultants might need an entry in several directories, and should probably have different group policy settings than other staff.
Currently the “one domain” limitation means firms end up with a few overarching group policies and then a plethora of exceptions. Problems arise because there can be so many exceptions that you can’t keep track of how many there are or why they are there. The result is that users end up with access to resources they shouldn’t have access to, and it takes a MAD architect – now there’s a job title – to fix the mess.
Another problem is caused by merging directories and data cleansing. For example, some government organisations keep track of information about people. In one context, a person’s name might be their maiden name; and in another context, it might be their name after marriage. Neither name is incorrect, but having two names for one person might cause problems.
Everyone, including Kim Cameron, architect of identity and access in the Connected Systems Division at Microsoft, seems to agree on the need for better tools to visualise what is going on inside the directory.
Well, everyone can breathe a sigh of relief, because a forthcoming version of Windows Server will include a tool called Polyarchy, which is designed to show how various hierarchies relate to each other in the context of selected entities, and how those entities relate to each other. There is more information in a PDF at the URL below.
Likewise, the Longhorn update to Windows Server, expected next year, will include Microsoft Identity Integration Server (MIIS), which can integrate identity information from multiple directories to provide a unified view of all identity information about users, software and computers. Some would argue that such a tool is essential for managing a modern business.
Some snipers say Microsoft asks users to overlook current shortcomings in its products and promises that the stuff it will sell you tomorrow will be better. Given the huge problems with bugs and worms attacking XP, we hear that Windows Vista is being designed from the ground up to improve security. And given the huge potential for vendor lock-in that comes with a directory system, we hear a similar message about MAD getting much better very soon.
Whether or not the snipers’ shots are fair, it’s worth knowing that Longhorn will come with MIIS, which currently costs about $25,000 (£13,600) per processor.




