The Price of Stability

I'm excited that Windows Server 2003 is about to ship, but I'm also a little worried about the new OS. My concerns started when I noticed that people are finally experiencing problems with Active Directory (AD). I say "finally" not because I think AD is buggy or troublesome. As far as I can determine, its egregious bugs are few--a decent outcome when you consider how large Windows 2000 is and therefore how complex AD is. My intention in this commentary isn't to pick on Microsoft or AD but rather to observe that AD is only now being used in significant numbers.

Let me explain that statement. I'm now getting fewer email messages asking me how to migrate to AD but far more messages asking questions such as, "How do I delete a Group Policy that I accidentally removed all permissions to?" or "How do I restore an AD on a damaged domain controller (DC)?" Suddenly, people are interested in knowing how to compact an AD database or how to forcibly demote a DC that won't respond to Dcpromo--things that apparently few people had any need for or interest in until recently. The growing use of AD is good news, inasmuch as AD-based domains offer us more functionality than Windows NT 4.0 domains do, but it also has me a bit worried about Windows 2003.

Like most software companies, Microsoft relies on testing to ensure software quality. That testing includes both internal testers (Redmond has a legion of them) and external testers, from the bazillions of people with a copy of Windows 2003 Release Candidate 2 (RC2) to the Joint Development Program (JDP) customers. But comprehensively testing the Windows 2003 AD version isn't easy.

To comprehensively test a piece of software, you need to put it through its paces and lean on it a bit. That stress testing is simple enough to do in the case of a desktop OS such as Windows XP or an application such as Microsoft Office. Even then, some nooks and crannies don't seem to get tested simply because not enough testers have the necessary hardware to thoroughly test all the features and functions. For example, a user once told me that an earlier version of Microsoft PowerPoint would regularly lock up on his workstation--and his workstation only. Eventually, he realized that his computer was the only two-processor machine in the company. When he rebooted his system in single-processor mode, the problem disappeared.

Specific server components such as DNS or the file-server module are usually quite testable, but AD is so large that I look at the huge number of possible permutations and wonder whether testing them all is possible. Win2K has just two types of ADs: mixed mode (Win2K and NT 4.0 DCs) and native mode (exclusively Win2K DCs). But Windows 2003 ADs can have four different DC mixes: Win2K mixed-domain functional level (Windows 2003, Win2K, and NT 4.0 DCs), Win2K native-domain functional level (Windows 2003 and Win2K DCs), Windows 2003 interim-domain functional level (Windows 2003 and NT 4.0 DCs), and Windows 2003 domain functional level (exclusively Windows 2003 DCs). I'm sure that Microsoft has tested all these combinations in test labs, but I noticed something long ago that I consider one of those immutable laws of networking: Many things work fine on small networks but fall apart on more complex ones.

As long as Microsoft relies on testing to achieve quality, we won't see Windows 2003 get really torture-tested until people start deploying and using it. That model is true for all software, but Windows 2003 has two additional hurdles to worry about. First, I suspect that users won't really start using the new OS any time soon. Slow adoption won't occur because Windows 2003 isn't a good product--I've been using it for much of my networking for 9 months now and I like it a lot--but because the competition is good, too. People adopted Win2K-based AD domains slowly because NT 4.0 domains were good enough for many uses, and I imagine they'll feel the same way about Windows 2003: "We'd like to upgrade, but budgets are tight and Win2K is adequate."

Second, about half of Windows 2003's neat new features aren't functional until after you've upgraded every DC in every domain in the forest to Windows 2003. As I said, I think people will adopt Windows 2003 slowly--so how much more slowly will they convert all their DCs to Windows 2003? It might be 2006 before enough people are really beating hard enough on Windows 2003 that Microsoft receives the kind of feedback that the company needs to get rid of all the bugs in Windows 2003.

So here, in a nutshell, is my paranoid worry: Given that software needs a wide audience of users to give it the final acid test and that people tend not to upgrade software until they need to and have the money to do so, it could be a long time (2007?) before we can feel steady about Windows 2003. Having said that, I could be dead wrong; check back in a year, and I'll let you know what my "email barometer" turns up.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.