Planning for Active Directory Integration

  • Article

Active Directory is the directory service built into Microsoft Windows 2000. You can use Active Directory to add, modify, delete, and organize the business entities of your organization. For example, the Windows 2000 user accounts, computer accounts, security and distribution groups, and published resources are all accessible through Active Directory.

You can use Active Directory as a data source for profile data. The Profiling System aggregates data from Active Directory and other data sources into a single business entity that you can then use in your Commerce Server implementation. For example, you could store the account number and password of a user in Active Directory and store the rest of the account information (contact information, credit limit, preferences, and so forth) in Microsoft SQL Server. The Profiling System would then assemble data from these two data sources into a single profile that you can use for targeting and analysis.

Active Directory is a highly robust and scalable technology; however, it is important that you design your site architecture to use it appropriately.

If you plan to divide users into groups within Active Directory, extra care should be taken to assure that the performance of the Active Directory server is adequate. Adding users to groups is a relatively expensive operation in Active Directory, and there is a limit of 5000 users per group. To work around this limit, the Commerce Server Software Development Kit (SDK) includes an object called the Subgroup Manager that enables you to store more than 5000 users in a "virtual" group, hiding the actual groups in which the users are stored. For more information, see Subgroup Manager. Since the use of this object will introduce even more overhead into an already expensive operation, it should be considered when determining the appropriate hardware for this component of your Web site.

The following table lists some of the questions that you need to answer to determine how you will best use Active Directory in your site design.

Planning question Recommendation
What data will you store in Active Directory? You should store only non-volatile data in Active Directory.
What volume of data will you store in Active Directory? You can include up to one million user accounts in a single Active Directory domain. This estimate is based on the following assumptions:
  • At any given time, 1 percent (10,000) of the users will be actively using the site.

  • The ratio of the number of items written to Active Directory to the number of items read from Active Directory is no more than 14 percent.

If you need to accommodate more than one million users in your Active Directory store, you can assemble multiple domains containing one million users each.

If you intend to use Active Directory for larger scale implementations, engage Microsoft Consulting Services (MCS) to assist you with planning.

See Also

Small Site Configuration With Active Directory

Setting Up Your Active Directory Servers

Migrating the Membership Directory

Example: Creating a Profile Definition with Two Data Sources


All rights reserved.