TECH::OMFG! Microsoft is killing IDMU???

Yesterday, I wrote a blog post on LDAP. During that, I was researching links to add to it and I came across this gem. I decided to leave it out of yesterday’s post for two reasons:

  1. Getting clarification on what this actually means
  2. Not letting it fall through the cracks

http://blogs.technet.com/b/activedirectoryua/archive/2015/01/25/identity-management-for-unix-idmu-is-deprecated-in-windows-server.aspx

A few users have asked about this recently so I am posting here to help let everyone know that Identity Management for Unix (IDMU) is deprecated and will not ship in future versions of Windows Server. This is documented in a couple places:

Identity Management for UNIX 

Features Removed or Deprecated in Windows Server 2012 R2

All IDMU-related features will go away, including the UNIX Attributes tab. This also applies to Network Information Service (NIS) and Remote Server Administration Tools (RSAT). Instead of RSAT, you should use native LDAP, Samba Client, Kerberos, or non-Microsoft options. For Network File System (NFS), there is a Windows PowerShell cmdlet that allows you to update the user account with uid/gid: Set-NfsMappedIdentity.

In the future, if you try to upgrade a computer that runs IDMU components, the upgrade will stop and you will be prompted to remove IDMU as explained at Installing or removing Identity Management for UNIX by using a command line.

Reading that, I immediately thought… WTF THEY ARE REMOVING UNIX LDAP???


Naturally, since I push people toward the goodness that is Active Directory LDAP (such as the 240+ page TR-4073), I was a little… concerned. If you look at the comments in that MS blog link, I am Justin P.

However, Justin (from Microsoft) responded and it’s not as bad as I initially thought.

This is what is actually happening:

  • Microsoft, for whatever reason (and here’s hoping they reconsider), is removing the Tools for IDMU. So, no more native GUI to manage attributes, and possibly no more UNIX application support.
  • The schema backend, which is what hosts the UNIX-y attributes, will remain intact.
  • LDAP can still be used on AD, but you will need to manually manage the schema either via ADSI/Attributes Editor or via PowerShell. Or, use something like Centrify.

If I recall, when I installed Windows 2012 R2, I didn’t need to extend the schema for UNIX attributes. They were already there – just not populated. But it’s still worth talking about. 🙂
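One way to take the PowerShell route mentioned above, shown as an added example that is not from the original post or from Microsoft. The function name, the account name, the UID/GID values and the 10000 floor are assumptions; the attribute names are the RFC 2307 ones already present in the AD schema.

```powershell
# Added example (not from the original post). Needs the ActiveDirectory module
# and write access to the user object. Names and numbers below are constructed.
Import-Module ActiveDirectory

function Set-UnixAttributes {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        # Assumed site policy: keep directory UIDs/GIDs at 10000 or above so
        # they never collide with 0 (root) or local system accounts.
        [Parameter(Mandatory)] [ValidateRange(10000, 2147483647)] [int] $UidNumber,
        [Parameter(Mandatory)] [ValidateRange(10000, 2147483647)] [int] $GidNumber,
        [ValidatePattern('^/[A-Za-z0-9._/-]+$')] [string] $LoginShell = '/bin/bash',
        [ValidatePattern('^/[A-Za-z0-9._/-]+$')] [string] $HomeRoot = '/home'
    )

    $user = Get-ADUser -Identity $Identity

    # AD does not enforce uniqueness on uidNumber; UNIX clients treat two
    # accounts with the same number as the same user, so check before writing.
    $clash = Get-ADObject -LDAPFilter "(uidNumber=$UidNumber)" |
        Where-Object { $_.DistinguishedName -ne $user.DistinguishedName }
    if ($clash) {
        throw "uidNumber $UidNumber is already used by $($clash.DistinguishedName -join '; ')"
    }

    # The primary GID should resolve to a real group on the client side.
    if (-not (Get-ADGroup -LDAPFilter "(gidNumber=$GidNumber)")) {
        throw "No AD group carries gidNumber $GidNumber"
    }

    $attrs = @{
        uidNumber         = $UidNumber
        gidNumber         = $GidNumber
        unixHomeDirectory = "$HomeRoot/$($user.SamAccountName)"
        loginShell        = $LoginShell
    }
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Set RFC 2307 attributes')) {
        Set-ADUser -Identity $user -Replace $attrs
    }
    # Read back what is now stored on the object.
    Get-ADUser -Identity $user -Properties uidNumber, gidNumber, unixHomeDirectory, loginShell |
        Select-Object SamAccountName, uidNumber, gidNumber, unixHomeDirectory, loginShell
}

# Dry run against a constructed account name; drop -WhatIf to apply.
Set-UnixAttributes -Identity 'jdoe' -UidNumber 10001 -GidNumber 10000 -WhatIf
```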
