Planning for Active Directory Integration

  • Article

Active Directory is the directory service built into Microsoft Windows 2000. You can use Active Directory to add, modify, delete, and organize the business entities of your organization. For example, the Windows 2000 user accounts, computer accounts, security and distribution groups, and published resources are all accessible through Active Directory.

You can use Active Directory as a data source for profile data. The Profiling System aggregates data from Active Directory and other data sources into a single business entity that you can then use in your Commerce Server implementation. For example, you could store the account number and password of a user in Active Directory and store the rest of the account information (contact information, credit limit, preferences, and so forth) in Microsoft SQL Server. The Profiling System would then assemble data from these two data sources into a single profile that you can use for targeting and analysis.

Active Directory is a highly robust and scalable technology; however, it is important that you design your site architecture to use it appropriately.

If you plan to divide users into groups within Active Directory, extra care should be taken to assure that the performance of the Active Directory server is adequate. Adding users to groups is a relatively expensive operation in Active Directory, and there is a limit of 5,000 users per group.

To work around this limit, the Microsoft Commerce Server Software Development Kit (SDK) includes an object called the Subgroup Manager that enables you to store more than 5,000 users in a "virtual" group, hiding the actual groups in which the users are stored. For more information, see Subgroup Manager. Since the use of this object will introduce even more overhead into an already expensive operation, it should be considered when determining the appropriate hardware for this component of your Web site.

The following table lists some of the questions that you need to answer to determine how you will best use Active Directory in your site design.

Planning question Recommendation
What data will you store in Active Directory? You should store only data that is unlikely to change in Active Directory.
What volume of data will you store in Active Directory? You must perform your own Active Directory capacity planning exercise, as your requirements will differ from the tested scenarios. The current tested capacity shows that you can include more than 2.5 million user accounts in a single Active Directory domain with Commerce Server 2002.

Ee824273.note(en-US,CS.20).gifNote

  • Testing was based on the following environment and assumptions:
    • Commerce–specific scenario involving high–write and high–user profile creation activities.
    • Rates of user profile use that are significantly higher than in an enterprise directory implementation.
    • Deployment configuration: twenty Web servers, eight domain controllers, and three database servers.
    • One percent of the users use the site on average; three percent of the users use the site during peak periods.

If you intend to use Active Directory for large scale implementations, engage Microsoft Consulting Services (MCS) to assist you with planning.

See Also

Small Site Configuration with Active Directory

Setting Up the Domains

Migrating the Membership Directory

Creating a Profile Definition with Two Data Sources

Copyright © 2005 Microsoft Corporation.
All rights reserved.