Misplaced Pages

LAN Manager

Article snapshot taken from Wikipedia with Creative Commons Attribution-ShareAlike license.

LAN Manager is a discontinued network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a heavily modified version of MS-DOS.

111-583: The LAN Manager OS/2 operating system was co-developed by IBM and Microsoft, using the Server Message Block (SMB) protocol. It originally used SMB atop either the NetBIOS Frames (NBF) protocol or a specialized version of the Xerox Network Systems (XNS) protocol. These legacy protocols had been inherited from previous products such as MS-Net for MS-DOS, Xenix-NET for MS-Xenix, and

222-666: A Directory Service with an LDAP Directory Service Interface. Unlike AD DS, multiple AD LDS instances can operate on the same server. Active Directory Certificate Services (AD CS) establishes an on-premises public key infrastructure. It can create, validate, revoke and perform other similar actions on public key certificates for internal uses of an organization. These certificates can be used to encrypt files (when used with Encrypting File System), emails (per S/MIME standard), and network traffic (when used by virtual private networks, Transport Layer Security protocol or IPSec protocol). AD CS predates Windows Server 2008, but its name

333-490: A Windows domain-type network, assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer which is part of a Windows domain, Active Directory checks the submitted username and password and determines whether the user is a system administrator or a non-admin user. Furthermore, it allows the management and storage of information, provides authentication and authorization mechanisms, and establishes

444-543: A virtual DOS machine (VDM). Originally, a nearly complete version of Windows code was included with OS/2 itself: Windows 3.0 in OS/2 2.0, and Windows 3.1 in OS/2 2.1. Later, IBM developed versions of OS/2 that would use whatever Windows version the user had installed previously, patching it on the fly, and sparing the cost of an additional Windows license. It could either run full-screen, using its own set of video drivers, or "seamlessly," where Windows programs would appear directly on

555-443: A LM hash from being generated for their own password by using a password at least fifteen characters in length. NTLM hashes have in turn become vulnerable in recent years to various attacks that effectively make them as weak today as LanMan hashes were back in 1998. Many legacy third party SMB implementations have taken considerable time to add support for the stronger protocols that Microsoft has created to replace LM hashing because

666-422: A Windows installation. As most computers were sold with Microsoft Windows pre-installed and the price was less, "Red Spine" was the more popular product. OS/2 Warp Connect—which has full LAN client support built-in—followed in mid-1995. Warp Connect was nicknamed "Grape". In OS/2 2.0, most performance-sensitive subsystems, including the graphics (Gre) and multimedia (MMPM/2) systems, were updated to 32-bit code in

777-452: A basic office application suite known as IBM Works . It was released in two versions: the less expensive "Red Spine" and the more expensive "Blue Spine" (named for the color of their boxes). "Red Spine" was designed to support Microsoft Windows applications by utilizing any existing installation of Windows on the computer's hard drive. "Blue Spine" includes Windows support in its own installation, and so can support Windows applications without

888-478: A cloud product. Active Directory Lightweight Directory Services (AD LDS), previously called Active Directory Application Mode (ADAM), implements the LDAP protocol for AD DS. It runs as a service on Windows Server and offers the same functionality as AD DS, including an equal API . However, AD LDS does not require the creation of domains or domain controllers. It provides a Data Store for storing directory data and

999-432: A dedicated set of credentials for each service. AD FS uses many popular open standards to pass token credentials such as SAML, OAuth or OpenID Connect. AD FS supports encryption and signing of SAML assertions. AD FS's purpose is an extension of that of AD DS: The latter enables users to authenticate with and use the devices that are part of the same network, using one set of credentials. The former enables them to use

1110-469: A design limitation specific to Active Directory, and other competing directories, such as Novell NDS , can set access privileges through object placement within an OU. Active Directory requires a separate step for an administrator to assign an object in an OU as a group member also within that OU. Using only the OU location to determine access permissions is unreliable since the entity might not have been assigned to

1221-416: A dispute over how to position OS/2 relative to Microsoft's new Windows 3.1 operating environment. With OS/2 Warp 3 in 1994, IBM attempted to also target home consumers through a multi-million dollar advertising campaign. However it continued to struggle in the marketplace, partly due to strategic business measures imposed by Microsoft in the industry that have been considered anti-competitive . Following

1332-499: A domain, account name generation poses a significant challenge for large organizations that cannot be easily subdivided into separate domains, such as students in a public school system or university who must be able to use any computer across the network. In Microsoft's Active Directory, OUs do not confer access permissions, and objects placed within OUs are not automatically assigned access privileges based on their containing OU. It represents

1443-538: A domain, ease its administration, and can resemble the organization's structure in managerial or geographical terms. OUs can contain other OUs—domains are containers in this sense. Microsoft recommends using OUs rather than domains for structure and simplifying the implementation of policies and administration. The OU is the recommended level at which to apply group policies , which are Active Directory objects formally named group policy objects (GPOs), although policies can also be applied to domains or sites (see below). The OU

1554-630: A fixpack, and included as part of OS/2 2.1. Warp 3 brought about a fully 32-bit windowing system, while Warp 4 introduced the object-oriented 32-bit GRADD display driver model. In 1991, IBM started development on an intended replacement for OS/2 called Workplace OS . This was an entirely new product, brand new code, that borrowed only a few sections of code from both the existing OS/2 and AIX products. It used an entirely new microkernel code base, intended (eventually) to host several of IBM's operating systems (including OS/2) as microkernel "personalities". It also included major new architectural features including

1665-533: A framework to deploy other related services: Certificate Services, Active Directory Federation Services, Lightweight Directory Services, and Rights Management Services. Active Directory uses Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Microsoft's version of Kerberos, and DNS. Robert R. King defined it in the following way: "A domain represents a database. That database holds records about network services-things like computers, users, groups and other things that use, support, or exist on

1776-467: A full version of Warp 4 that required no activation and was essentially a free release. Special versions of OS/2 2.11 and Warp 4 also included symmetric multiprocessing (SMP) support. OS/2 sales were largely concentrated in networked computing used by corporate professionals; however, by the early 1990s, it was overtaken by Microsoft Windows NT. While OS/2 was arguably technically superior to Microsoft Windows 95 , OS/2 failed to develop much penetration in

1887-630: A hardware watchdog on selected machines (notably IBM machines) to break out of such a deadlock. Later, release 3.0 leveraged the enhancements of newer Intel 80486 and Intel Pentium processors—the Virtual Interrupt Flag (VIF), which was part of the Virtual Mode Extensions (VME)—to solve this problem. OS/2 2.1 was released in 1993. This version of OS/2 achieved compatibility with Windows 3.0 (and later Windows 3.1) by adapting Windows user-mode code components to run inside

1998-511: A machine. Other Active Directory services (excluding LDS, as described below) and most Microsoft server technologies rely on or use Domain Services; examples include Group Policy, Encrypting File System, BitLocker, Domain Name Services, Remote Desktop Services, Exchange Server, and SharePoint Server. The self-managed Active Directory DS must be distinct from managed Azure AD DS,

2109-469: A network. The domain database is, in effect, Active Directory." Like many information-technology efforts, Active Directory originated out of a democratization of design using Requests for Comments (RFCs). The Internet Engineering Task Force (IETF) oversees the RFC process and has accepted numerous RFCs initiated by widespread participants. For example, LDAP underpins Active Directory. Also, X.500 directories and

2220-514: A pull replication cycle. Replication intervals between different sites are usually less consistent and don't usually use change notifications. However, it's possible to set it up to be the same as replication between locations on the same network if needed. Each DS3 , T1 , and ISDN link can have a cost, and the KCC alters the site link topology accordingly. Replication may occur transitively through several site links on same-protocol site link bridges if

2331-496: A result of the dispute, IBM signed the license agreement 15 minutes before Microsoft's Windows 95 launch event, which was later than their competitors and this badly hurt sales of IBM PCs. IBM officials later conceded that OS/2 would not have been a viable operating system to keep them in the PC business. A project was launched internally by IBM to evaluate the looming competitive situation with Microsoft Windows 95. Primary concerns included

2442-509: A shared Windows session while isolating other applications in one or more separate Windows sessions. At the cost of additional hardware resources, this approach can protect each program in any given Windows session (and each instance of Windows itself) from every other program running in any separate Windows session (though not from other programs running in the same Windows session). Whether Windows applications are running in full-screen or windowed mode, and in one Windows session or several, it

2553-543: A single Windows session – multitasking cooperatively and without memory protection – just as they would under native Windows 3.x. However, to achieve true isolation between Windows 3.x programs, OS/2 can also run multiple copies of Windows in parallel, with each copy residing in a separate VDM. The user can then optionally place each program either in its own Windows session – with preemptive multitasking and full memory protection between sessions, though not within them – or allow some applications to run together cooperatively in

2664-442: A system registry, JFS, support for UNIX graphics libraries, and a new driver model. Workplace OS was developed solely for POWER platforms , and IBM intended to market a full line of PowerPCs in an effort to take over the market from Intel . A mission was formed to create prototypes of these machines and they were disclosed to several corporate customers, all of whom raised issues with the idea of dropping Intel. Advanced plans for

2775-802: A time, and did this in a way that allowed the DOS program to have total control over the computer. A problem in DOS mode could crash the entire computer. In contrast, OS/2 2.0 could leverage the virtual 8086 mode of the Intel 80386 processor to create a much safer virtual machine in which to run DOS programs. This included an extensive set of configuration options to optimize the performance and capabilities given to each DOS program. Any real-mode operating system (such as 8086 Xenix ) could also be made to run using OS/2's virtual machine capabilities, subject to certain direct hardware access limitations. Like most 32-bit environments, OS/2 could not run protected-mode DOS programs using

2886-587: Is 4.52, which was released for both desktop and server systems in December 2001. IBM is still delivering defect support for a fee. IBM urges customers to migrate their often highly complex applications to e-business technologies such as Java in a platform-neutral manner. Once application migration is completed, IBM recommends migration to a different operating system, suggesting Linux as an alternative. After IBM discontinued development of OS/2, various third parties approached IBM to take over future development of

2997-578: Is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Directory. However, it ultimately became an umbrella title for various directory-based identity-related services. A domain controller is a server running the Active Directory Domain Services (AD DS) role. It authenticates and authorizes all users and computers in

3108-486: Is a collection of domains and domain trees in a contiguous namespace linked in a transitive trust hierarchy. The forest is at the top of the structure, a collection of trees with a standard global catalog, directory schema, logical structure, and directory configuration. The forest is a secure boundary that limits access to users, computers, groups, and other objects. The objects held within a domain can be grouped into organizational units (OUs). OUs can provide hierarchy to

3219-711: Is a violation of the LDAP RFCs on which Active Directory is supposedly based. As the number of users in a domain increases, conventions such as "first initial, middle initial, last name" ( Western order ) or the reverse (Eastern order) fail for common family names like Li (李), Smith or Garcia . Workarounds include adding a digit to the end of the username. Alternatives include creating a separate ID system of unique employee/student ID numbers to use as account names in place of actual users' names and allowing users to nominate their preferred word sequence within an acceptable use policy . Because duplicate usernames cannot exist within

3330-476: Is assigned a unique security identifier (SID). An object represents a single entity, such as a user, computer, printer, or group, along with its attributes. Some objects may even contain other objects within them. Each object has a unique name, and its definition is a set of characteristics and information by a schema , which determines the storage in the Active Directory. Administrators can extend or modify

3441-484: Is based on CORBA . The object oriented aspect of SOM is similar to, and a direct competitor to, Microsoft's Component Object Model , though it is implemented in a radically different manner; for instance, one of the most notable differences between SOM and COM is SOM's support for inheritance (one of the most fundamental concepts of OO programming)—COM does not have such support. SOM and DSOM are no longer being developed. Active Directory Active Directory ( AD )

3552-440: Is because SamAccountName, a user object attribute, must be unique within the domain. However, two users in different OUs can have the same common name (CN), the name under which they are stored in the directory itself such as "fred.staff-ou.domain" and "fred.student-ou.domain", where "staff-ou" and "student-ou" are the OUs. In general, the reason for this lack of allowance for duplicate names through hierarchical directory placement

3663-481: Is considered obsolete and current Windows operating systems use the stronger NTLMv2 or Kerberos authentication methods, Windows systems before Windows Vista/Windows Server 2008 enabled the LAN Manager hash by default for backward compatibility with legacy LAN Manager and Windows ME or earlier clients, or legacy NetBIOS-enabled applications. It has for many years been considered good security practice to disable

3774-490: Is directly implemented into the Directory. Such groups are known as shadow groups . Once created, these shadow groups are selectable in place of the OU in the administrative tools. Microsoft's Server 2008 reference documentation mentions shadow groups but does not provide instructions on creating them. Additionally, there are no available server methods or console snap-ins for managing these groups. An organization must determine

3885-533: Is possible to use DDE between OS/2 and Windows applications, and OLE between Windows applications only. IBM's OS/2 for Windows product (codename Ferengi), also known as "OS/2, Special Edition", was interpreted as a deliberate strategy "of cashing in on the pervasive success of the Microsoft platform" but risked confusing consumers with the notion that the product was a mere accessory or utility running on Windows such as Norton Desktop for Windows when, in fact, it

3996-521: Is similar in functionality to a non-networked version of X11 or the Windows GDI . On top of this lies the Workplace Shell (WPS) introduced in OS/2 2.0. WPS is an object-oriented shell allowing the user to perform traditional computing tasks such as accessing files, printers, launching legacy programs, and advanced object oriented tasks using built-in and third-party application objects that extended

4107-465: Is that Microsoft primarily relies on the principles of NetBIOS , which is a flat-namespace method of network object management that, for Microsoft software, goes all the way back to Windows NT 3.1 and MS-DOS LAN Manager . Allowing for duplication of object names in the directory, or completely removing the use of NetBIOS names, would prevent backward compatibility with legacy software and equipment. However, disallowing duplicate object names in this way

4218-427: Is the foundation of every Windows domain network. It stores information about domain members, including devices and users, verifies their credentials, and defines their access rights. The server running this service is called a domain controller. A domain controller is contacted when a user logs into a device, accesses another device across the network, or runs a line-of-business Metro-style app sideloaded into

4329-420: Is the level at which administrative powers are commonly delegated, but delegation can be performed on individual objects or attributes as well. Organizational units do not each have a separate namespace. As a consequence, for compatibility with Legacy NetBios implementations, user accounts with an identical SamAccountName are not allowed within the same domain even if the accounts objects are in separate OUs. This

4440-562: Is used to replicate between sites but only for modifications in the Schema, Configuration, or Partial Attribute Set (Global Catalog) GCs. It's not suitable for reproducing the default Domain partition. Generally, a network utilizing Active Directory has more than one licensed Windows server computer. Backup and restore of Active Directory are possible for a network with a single domain controller. However, Microsoft recommends more than one domain controller to provide automatic failover protection of

4551-620: The BIOS or access hardware directly. Other development tools included a subset of the video and keyboard APIs as linkable libraries so that family mode programs are able to run under MS-DOS, and, in the OS/2 Extended Edition v1.0, a database engine called Database Manager or DBM (this was related to DB2 , and should not be confused with the DBM family of database engines for Unix and Unix-like operating systems). A task-switcher named Program Selector

4662-497: The HPFS filesystem . HPFS provided a number of improvements over the older FAT file system, including long filenames and a form of alternate data streams called Extended Attributes . In addition, extended attributes were also added to the FAT file system. The Extended Edition of 1.2 introduced TCP/IP and Ethernet support. OS/2- and Windows-related books of the late 1980s acknowledged

4773-539: The HPFS filesystem , text mode OS/2 1.x applications, and OS/2 LAN Manager network support. Some early NT materials even included OS/2 copyright notices embedded in the software. One example of NT OS/2 1.x support is in the WIN2K resource kit. Windows NT could also support OS/2 1.x Presentation Manager and AVIO applications with the addition of the Windows NT Add-On Subsystem for Presentation Manager. OS/2 2.0

4884-534: The Intel 80286 processor and DOS fundamentally does not. IBM insisted on supporting the 80286 processor, with its 16-bit segmented memory mode, because of commitments made to customers who had purchased many 80286-based PS/2s as a result of IBM's promises surrounding OS/2. Until release 2.0 in April 1992, OS/2 ran in 16-bit protected mode and therefore could not benefit from the Intel 80386 's much simpler 32-bit flat memory model and virtual 8086 mode features. This

4995-546: The NT PDC / BDC model. Each DC has a copy of the Active Directory. Member servers joined to Active Directory that are not domain controllers are called Member Servers. In the domain partition, a group of objects acts as copies of domain controllers set up as global catalogs. These global catalog servers offer a comprehensive list of all objects in the forest. Global Catalog servers replicate all objects from all domains to themselves, providing an international listing of entities in

5106-702: The Organizational Unit preceded the Active Directory concept that uses those methods. The LDAP concept began to emerge even before the founding of Microsoft in April 1975, with RFCs as early as 1971. RFCs contributing to LDAP include RFC 1823 (on the LDAP API, August 1995), RFC 2307, RFC 3062, and RFC 4533. Microsoft previewed Active Directory in 1999, released it first with Windows 2000 Server edition, and revised it to extend functionality and improve administration in Windows Server 2003 . Active Directory support

5217-494: The data table and the link table . Windows Server 2003 added a third main table for security descriptor single instancing. Programs may access the features of Active Directory via the COM interfaces provided by Active Directory Service Interfaces . To allow users in one domain to access resources in another, Active Directory uses trusts. Trusts inside a forest are automatically created when domains are created. The forest sets

5328-521: The open source communities supporting these libraries first had to reverse engineer the newer protocols—Samba took 5 years to add NTLMv2 support, while JCIFS took 10 years. Poor patching regimes subsequent to software releases supporting the feature becoming available have contributed to some organisations continuing to use LM Hashing in their environments, even though the protocol is easily disabled in Active Directory itself. Lastly, prior to

5439-527: The "Joint Development Agreement" in August 1985. It was code-named "CP/DOS" and it took two years for the first product to be delivered. OS/2 1.0 was announced in April 1987 and released in December. The original release only ran in text mode , and a GUI was introduced with OS/2 1.1 about a year later. OS/2 features an API for controlling the video display (VIO) and handling keyboard and mouse events so that programmers writing for protected mode need not call

5550-553: The DNS server must support SRV resource records , also known as service records. Active Directory uses multi-master replication to synchronize changes, meaning replicas pull changes from the server where the change occurred rather than being pushed to them. The Knowledge Consistency Checker (KCC) uses defined sites to manage traffic and create a replication topology of site links. Intra-site replication occurs frequently and automatically due to change notifications, which prompt peers to begin

5661-702: The LM hash by default. Kerberos is used in Active Directory Environments. The major weaknesses of LAN Manager authentication protocol are: To address the security weaknesses inherent in LM encryption and authentication schemes, Microsoft introduced the NTLMv1 protocol in 1993 with Windows NT 3.1. For hashing, NTLM uses Unicode support, replacing LMhash=DESeach(DOSCHARSET(UPPERCASE(password)), "KGS!@#$%") by NThash=MD4(UTF-16-LE(password)), which does not require any padding or truncating that would simplify

5772-496: The LM hash has several weaknesses in its design. This makes such hashes crackable in a matter of seconds using rainbow tables, or in a few minutes using brute force. Starting with Windows NT, it was replaced by NTLM, which is still vulnerable to rainbow tables, and brute force attacks unless long, unpredictable passwords are used, see password cracking. NTLM is used for logon with local accounts except on domain controllers since Windows Vista and later versions no longer maintain

5883-454: The OS/2 desktop. The process containing Windows was given fairly extensive access to hardware, especially video, and the result was that switching between a full-screen WinOS/2 session and the Workplace Shell could occasionally cause issues. Because OS/2 only runs the user-mode system components of Windows, it is incompatible with Windows device drivers ( VxDs ) and applications that require them. Multiple Windows applications run by default in

5994-499: The OS/2 team, as Cutler did not think much of the OS/2 technology and wanted to build on his work on the MICA project at Digital rather than creating a "DOS plus". His NT OS/2 was a completely new architecture. IBM grew concerned about the delays in development of OS/2 2.0. Initially, the companies agreed that IBM would take over maintenance of OS/2 1.0 and development of OS/2 2.0, while Microsoft would continue development of OS/2 3.0. In

6105-560: The afore-mentioned 3+Share. A version of LAN Manager for Unix-based systems called LAN Manager/X was also available. LAN Manager/X was the basis for Digital Equipment Corporation 's Pathworks product for OpenVMS , Ultrix and Tru64 . In 1990, Microsoft announced LAN Manager 2.0 with a host of improvements, including support for TCP/IP as a transport protocol for SMB, using NetBIOS over TCP/IP (NBT). The last version of LAN Manager, 2.2, which included an MS-OS/2 1.31 base operating system, remained Microsoft's strategic server system until

6216-648: The board in the Personal Systems Division as well as across IBM as a whole. This resulted in a decision being made at a level above the Division to cut over 95% of the overall budget for the entire product line, end all new development (including Workplace OS), eliminate the Boca Raton development lab, end all sales and marketing efforts of the product, and lay off over 1,300 development individuals (as well as sales and support personnel). $990 million had been spent in

6327-560: The compromised LM and NTLMv1 authentication protocols where they aren't needed. Starting with Windows Vista and Windows Server 2008, Microsoft disabled the LM hash by default; the feature can be enabled for local accounts via a security policy setting, and for Active Directory accounts by applying the same setting via domain Group Policy. The same method can be used to turn the feature off in Windows 2000, Windows XP and NT. Users can also prevent

6438-725: The consumer and stand-alone desktop PC segments; there were reports that it could not be installed properly on IBM's own Aptiva series of home PCs. Microsoft made an offer in 1994 where IBM would receive the same terms as Compaq (the largest PC manufacturer at the time) for a license of Windows 95, if IBM ended development of OS/2 completely. IBM refused and instead went with an "IBM First" strategy of promoting OS/2 Warp and disparaging Windows, as IBM aimed to drive sales of its own software as well as hardware. By 1995, Windows 95 negotiations between IBM and Microsoft, which were already difficult, stalled when IBM purchased Lotus SmartSuite , which would have directly competed with Microsoft Office . As

6549-550: The database. The Directory System Agent is the executable part, a set of Windows services and processes that run on Windows 2000 and later. Accessing the objects in Active Directory databases is possible through various interfaces such as LDAP, ADSI, messaging API , and Security Accounts Manager services. Active Directory structures consist of information about objects classified into two categories: resources (such as printers) and security principals (which include user or computer accounts and groups). Each security principal

6660-406: The directory. Domain controllers are ideally single-purpose for directory operations only and should not run any other software or role. Since certain Microsoft products, like SQL Server and Exchange, can interfere with the operation of a domain controller, isolation of these products on additional Windows servers is advised. Combining them can complicate the configuration and troubleshooting of

6771-444: The domain and OU structure and are shared across the forest. Sites play a crucial role in managing network traffic created by replication and directing clients to their nearest domain controllers (DCs). Microsoft Exchange Server 2007 uses the site topology for mail routing. Administrators can also define policies at the site level. The Active Directory information is physically held on one or more peer domain controllers , replacing

6882-483: The domain controller or the other installed software more complex. If planning to implement Active Directory, a business should purchase multiple Windows server licenses to have at least two separate domain controllers. Administrators should consider additional domain controllers for performance or redundancy and individual servers for tasks like file storage, Exchange, and SQL Server since this will guarantee that all server roles are adequately supported. One way to lower

6993-545: The end, Microsoft decided to recast NT OS/2 3.0 as Windows NT, leaving all future OS/2 development to IBM. From a business perspective, it was logical to concentrate on a consumer line of operating systems based on DOS and Windows, and to prepare a new high-end system in such a way as to keep good compatibility with existing Windows applications. While it waited for this new high-end system to develop, Microsoft would still receive licensing money from Xenix and OS/2 sales. Windows NT's OS/2 heritage can be seen in its initial support for

7104-412: The existence of both systems and promoted OS/2 as the system of the future. The collaboration between IBM and Microsoft unravelled in 1990, between the releases of Windows 3.0 and OS/2 1.3. During this time, Windows 3.0 became a tremendous success, selling millions of copies in its first year. Much of its success was because Windows 3.0 (along with MS-DOS) was bundled with most new computers. OS/2, on

7215-454: The failure of IBM's Workplace OS project, OS/2 Warp 4 became the final major release in 1996; IBM discontinued its support for OS/2 on December 31, 2006. Since then, OS/2 has been developed, supported and sold by two different third-party vendors under license from IBM – first by Serenity Systems as eComStation from 2001 to 2011, and later by Arca Noae LLC as ArcaOS since 2017. The development of OS/2 began when IBM and Microsoft signed

7326-427: The first version of their OS/2-based operating system in 2017 as ArcaOS. As of 2023, there have been multiple releases of ArcaOS, and it remains under active development. Many people hoped that IBM would release OS/2 or a significant part of it as open source . Petitions were held in 2005 and 2007, but IBM refused them, citing legal and technical reasons. It is unlikely that the entire OS will be open at any point in

7437-410: The forest itself is the only security boundary. All other domains must trust any administrator in the forest to maintain security. The Active Directory database is organized in partitions, each holding specific object types and following a particular replication pattern. Microsoft often refers to these partitions as 'naming contexts'. The 'Schema' partition defines object classes and attributes within

7548-476: The forest. However, to minimize replication traffic and keep the GC's database small, only selected attributes of each object are replicated, called the partial attribute set (PAS). The PAS can be modified by modifying the schema and marking features for replication to the GC. Earlier versions of Windows used NetBIOS to communicate. Active Directory is fully integrated with DNS and requires TCP/IP—DNS. To fully operate,

7659-527: The forest. The 'Configuration' partition contains information on the physical structure and configuration of the forest (such as the site topology). Both replicate all domains in the forest. The 'Domain' partition holds all objects created in that domain and replicates only within it. Sites are physical (rather than logical) groupings defined by one or more IP subnets. AD also defines connections, distinguishing low-speed (e.g., WAN, VPN) from high-speed (e.g., LAN) links. Site definitions are independent of

7770-445: The framework that holds objects has different levels: the forest, tree, and domain. Domains within a deployment contain objects stored in a single replicable database, and the DNS name structure identifies their domains, the namespace . A domain is a logical group of network objects such as computers, users, and devices that share the same Active Directory database. On the other hand, a tree

7881-401: The fully-licensed MS-DOS 5.0, which had been patched and improved upon. For the first time, OS/2 was able to run more than one DOS application at a time. This was so effective that it allowed OS/2 to run a modified copy of Windows 3.0, itself a DOS extender , including Windows 3.0 applications. Because of the limitations of the Intel 80286 processor, OS/2 1.x could run only one DOS program at

7992-531: The future because it contains third-party code to which IBM does not have copyright, and much of this code is from Microsoft. IBM also once engaged in a technology transfer with Commodore , licensing Amiga technology for OS/2 2.0 and above, in exchange for the REXX scripting language. This means that OS/2 may have some code that was not written by IBM, which can therefore prevent the OS from being re-announced as open-sourced in

8103-531: The future. On the other hand, IBM donated Object REXX for Windows and OS/2 to the Open Object REXX project maintained by the REXX Language Association on SourceForge . There was a petition, arranged by OS2World, to open parts of the OS. Open source operating systems such as Linux have already profited from OS/2 indirectly through IBM's release of the improved JFS file system , which

8214-460: The group object for that OU yet. A common workaround for an Active Directory administrator is to write a custom PowerShell or Visual Basic script to automatically create and maintain a user group for each OU in their Directory. The scripts run periodically to update the group to match the OU's account membership. However, they cannot instantly update the security groups anytime the directory changes, as occurs in competing directories, as security

8325-605: The key. On the negative side, the same DES algorithm was used with only 56-bit encryption for the subsequent authentication steps, and there is still no salting. Furthermore, Windows machines were for many years configured by default to send and accept responses derived from both the LM hash and the NTLM hash, so the use of the NTLM hash provided no additional security while the weaker hash was still present. It also took time for artificial restrictions on password length in management tools such as User Manager to be lifted. While LAN Manager

8436-560: The last full year. Warp 4 became the last distributed version of OS/2. Although a small and dedicated community remains faithful to OS/2, OS/2 failed to catch on in the mass market and is little used outside certain niches where IBM traditionally had a stronghold. For example, many bank installations, especially automated teller machines , run OS/2 with a customized user interface; French SNCF national railways used OS/2 1.x in thousands of ticket selling machines. Telecom companies such as Nortel used OS/2 in some voicemail systems. Also, OS/2

8547-483: The major code quality issues in the existing OS/2 product (resulting in over 20 service packs, each requiring more diskettes than the original installation), and the ineffective and heavily matrixed development organization in Boca Raton (where the consultants reported that "basically, everybody reports to everybody") and Austin. That study, tightly classified as "Registered Confidential" and printed only in numbered copies, identified untenable weaknesses and failures across

8658-477: The new code base would eventually include replacement of the OS/400 operating system by Workplace OS, as well as a microkernel product that would have been used in industries such as telecommunications and set-top television receivers. A partially functional pre-alpha version of Workplace OS was demonstrated at Comdex, where a bemused Bill Gates stopped by the booth. The second and last time it would be shown in public

8769-502: The number of OS/2 users, in the belief that this would increase sales and demand for third-party applications, and thus strengthen OS/2's desktop numbers. This suggestion was bolstered by the fact that this demo version had replaced another which was not so easily cracked, but which had been released with trial versions of various applications. In 2000, the July edition of Australian Personal Computer magazine bundled software CD-ROMs, included

8880-469: The older VCPI interface, unlike the Standard mode of Windows 3.1; it only supported programs written according to DPMI . (Microsoft discouraged the use of VCPI under Windows 3.1, however, due to performance degradation.) Unlike Windows NT, OS/2 always allowed DOS programs the possibility of masking real hardware interrupts, so any DOS program could deadlock the machine in this way. OS/2 could, however, use

8991-509: The open hardware system approach that contributed to its success on the PC. IBM sought to use OS/2 to drive sales of its own hardware, and urged Microsoft to drop features, such as fonts , that IBM's hardware did not support. Microsoft programmers also became frustrated with IBM's bureaucracy and its use of lines of code to measure programmer productivity . IBM developers complained about the terseness and lack of comments in Microsoft's code, while Microsoft developers complained that IBM's code

9102-421: The operating system installation. A personal version of Lotus Notes was also included, with a number of template databases for contact management, brainstorming, and so forth. The UK-distributed free demo CD-ROM of OS/2 Warp essentially contained the entire OS and was easily, even accidentally, cracked , meaning that even people who liked it did not have to buy it. This was seen as a backdoor tactic to increase

9213-456: The operating system. The OS/2 software vendor Stardock made such a proposal to IBM in 1999, but it was not followed through by the company. Serenity Systems succeeded in negotiating an agreement with IBM, and began reselling OS/2 as eComStation in 2001. eComStation is now sold by XEU.com, the most recent version (2.1) was released in 2011. In 2015, Arca Noae, LLC announced that they had secured an agreement with IBM to resell OS/2. They released

9324-410: The operations authorized users can perform on them, such as viewing, editing, copying, saving, or printing. IT administrators can create pre-set templates for end users for convenience, but end users can still define who can access the content and what actions they can take. Active Directory is a service comprising a database and executable code . It is responsible for managing requests and maintaining

9435-597: The other hand, was available only as an additional stand-alone software package. In addition, OS/2 lacked device drivers for many common devices such as printers, particularly non-IBM hardware. Windows, on the other hand, supported a much larger variety of hardware. The increasing popularity of Windows prompted Microsoft to shift its development focus from cooperating on OS/2 with IBM to building its own business based on Windows. Several technical and practical reasons contributed to this breakup. The two companies had significant differences in culture and vision. Microsoft favored

9546-687: The physical hardware costs is by using virtualization. However, for proper failover protection, Microsoft recommends not running multiple virtualized domain controllers on the same physical hardware. The Active Directory database, the directory store, in Windows 2000 Server uses the JET Blue-based Extensible Storage Engine (ESE98). Each domain controller's database is limited to 16 terabytes and 2 billion objects (but only 1 billion security principals). Microsoft has created NTDS databases with more than 2 billion objects. NT4's Security Account Manager could support up to 40,000 objects. It has two main tables:

9657-518: The previous GUI. Rather than merely providing an environment for program windows (such as the Program Manager), the Workplace Shell provided an environment in which the user could manage programs, files and devices by manipulating objects on the screen. With the Workplace Shell, everything in the system is an "object" to be manipulated. OS/2 2.0 was touted by IBM as "a better DOS than DOS and a better Windows than Windows". It managed this by including

9768-429: The price is low. However, KCC automatically costs a direct site-to-site link lower than transitive connections. A bridgehead server in each zone can send updates to other DCs in the exact location to replicate changes between sites. To configure replication for Active Directory zones, activate DNS in the domain based on the site. To replicate Active Directory, Remote Procedure Calls (RPC) over IP (RPC/IP) are used. SMTP

9879-569: The product as it failed to compete against Microsoft's Windows ; updated versions of OS/2 were released by IBM until 2001. The name stands for "Operating System/2", because it was introduced as part of the same generation change release as IBM's " Personal System/2 (PS/2)" line of second-generation PCs. OS/2 was intended as a protected-mode successor of PC DOS targeting the Intel 80286 processor. Notably, basic system calls were modeled after MS-DOS calls; their names even started with "Dos" and it

9990-424: The release of Windows NT Advanced Server in 1993. Many vendors shipped licensed versions, including: The LM hash is computed as follows: LAN Manager authentication uses a particularly weak method of hashing a user's password known as the LM hash algorithm, stemming from the mid-1980s when viruses transmitted by floppy disks were the major concern. Although it is based on DES, a well-studied block cipher,

10101-401: The release of Windows Vista, many unattended build processes still used a DOS boot disk (instead of Windows PE ) to start the installation of Windows using WINNT.EXE, something that requires LM hashing to be enabled for the legacy LAN Manager networking stack to work. OS/2 OS/2 is a proprietary computer operating system for x86 and PowerPC based personal computers . It

10212-594: The release: IBM claimed that it had used Star Trek terms as internal names for prior OS/2 releases, and that this one seemed appropriate for external use as well. At the launch of OS/2 Warp in 1994, Patrick Stewart was to be the Master of Ceremonies; however, Kate Mulgrew of the then-upcoming series Star Trek: Voyager substituted for him at the last minute. OS/2 Warp offers a host of benefits over OS/2 2.1, notably broader hardware support, greater multimedia capabilities, Internet-compatible networking, and it includes

10323-631: The same set of credentials in a different network. As the name suggests, AD FS works based on the concept of federated identity. AD FS requires an AD DS infrastructure, although its federation partner may not. Active Directory Rights Management Services (AD RMS), previously known as Rights Management Services or RMS before Windows Server 2008, is server software that allows for information rights management, included with Windows Server. It uses encryption and selective denial to restrict access to various documents, such as corporate e-mails, Microsoft Word documents, and web pages. It also limits

10434-420: The schema using the schema object when needed. However, because each schema object is integral to the definition of Active Directory objects, deactivating or changing them can fundamentally alter or disrupt a deployment. Modifying the schema affects the entire system automatically, and new objects cannot be deleted, only deactivated. Changing the schema usually requires planning. In an Active Directory network,

10545-539: The shell in an integrated fashion not available on any other mainstream operating system. WPS follows IBM's Common User Access user interface standards. WPS represents objects such as disks, folders, files, program objects, and printers using the System Object Model (SOM), which allows code to be shared among applications, possibly written in different programming languages. A distributed version called DSOM allowed objects on different computers to communicate. DSOM

10656-441: The structure of its information infrastructure by dividing it into one or more domains and top-level OUs. This decision is critical and can be based on various models such as business units, geographical locations, IT service, object type, or a combination of these models. The immediate purpose of organizing OUs is to simplify administrative delegation and, secondarily, to apply group policies. While OUs serve as an administrative boundary,

10767-702: Was bloated . The two products have significant differences in API. OS/2 was announced when Windows 2.0 was near completion, and the Windows API already defined. However, IBM requested that this API be significantly changed for OS/2. Therefore, issues surrounding application compatibility appeared immediately. OS/2 designers hoped for source code conversion tools, allowing complete migration of Windows application source code to OS/2 at some point. However, OS/2 1.x did not gain enough momentum to allow vendors to avoid developing for both OS/2 and Windows in parallel. OS/2 1.x targets

10878-545: Was "a complete, modern, multi-tasking, pre-emptive operating system", itself hosting Windows instead of running on it. Available on CD-ROM or 18 floppy disks, the product documentation reportedly suggested Windows as a prerequisite for installing the product, also being confined to its original FAT partition, whereas the product apparently supported the later installation of Windows running from an HPFS partition, particularly beneficial for users of larger hard drives. Windows compatibility, relying on patching specific memory locations,

10989-414: Was also added to Windows 95, Windows 98, and Windows NT 4.0 via patch, with some unsupported features. Additional improvements came with subsequent versions of Windows Server . In Windows Server 2008 , Microsoft added further services to Active Directory, such as Active Directory Federation Services . The part of the directory in charge of managing domains, which was a core part of the operating system,

11100-540: Was at an OS/2 user group in Phoenix, Arizona; the pre-alpha code refused to boot. It was released in 1995. But with $990 million being spent per year on development of this as well as Workplace OS, and no possible profit or widespread adoption, the end of the entire Workplace OS and OS/2 product line was near. In 1996, Warp 4 added Java and speech recognition software. IBM also released server editions of Warp 3 and Warp 4 which bundled IBM's LAN Server product directly into

11211-458: Was available through the Ctrl-Esc hotkey combination, allowing the user to select among multitasked text-mode sessions (or screen groups; each can run multiple programs). Communications and database-oriented extensions were delivered in 1988, as part of OS/2 1.0 Extended Edition: SNA, X.25/APPC/LU 6.2, LAN Manager, Query Manager, SQL. The promised user interface, Presentation Manager,

11322-518: Was especially painful in providing support for DOS applications. While, in 1988, Windows/386 2.1 could run several cooperatively multitasked DOS applications, including expanded memory (EMS) emulation, OS/2 1.3, released in 1991, was still limited to one 640 kB "DOS box". Given these issues, Microsoft started to work in parallel on a version of Windows which was more future-oriented and more portable. The hiring of Dave Cutler , former VAX/VMS architect, in 1988 created an immediate competition with

11433-440: Was initially created and developed jointly by IBM and Microsoft , under the leadership of IBM software designer Ed Iacobucci , intended as a replacement for DOS . The first version was released in 1987; a feud between the two companies beginning in 1990 resulted in Microsoft leaving development exclusively to IBM, who continued development on their own. OS/2 Warp 4 in 1996 was the last major upgrade, after which IBM slowly halted

11544-597: Was introduced with OS/2 1.1 in October 1988. It had a similar user interface to Windows 2.1 , which was released in May of that year. (The interface was replaced in versions 1.2 and 1.3 by a look closer in appearance to Windows 3.0 .) The Extended Edition of 1.1, sold only through IBM sales channels, introduced distributed database support to IBM database systems and SNA communications support to IBM mainframe networks. In 1989, Version 1.2 introduced Installable Filesystems and, notably,

11655-627: Was ported from the OS/2 code base. As IBM didn't release the source of the OS/2 JFS driver, developers ported the Linux driver back to eComStation and added the functionality to boot from a JFS partition. This new JFS driver has been integrated into eComStation v2.0, and later into ArcaOS 5.0. Release dates refer to the US English editions unless otherwise noted. The graphic system has a layer named Presentation Manager that manages windows, fonts, and icons. This

11766-446: Was possible to create "Family Mode" applications – text mode applications that could work on both systems. Because of this heritage, OS/2 shares similarities with Unix , Xenix , and Windows NT . OS/2 sales were largely concentrated in networked computing used by corporate professionals. OS/2 2.0 was released in 1992 as the first 32-bit version as well as the first to be entirely developed by IBM, after Microsoft severed ties over

11877-467: Was released in April 1992. At the time, the suggested retail price was US$195, while Windows retailed for $150. OS/2 2.0 provided a 32-bit API for native programs, though the OS itself still contained some 16-bit code and drivers. It also included a new OOUI (object-oriented user interface) called the Workplace Shell. This was a fully object-oriented interface that was a significant departure from

11988-496: Was renamed Active Directory Domain Services (ADDS) and became a server role like others. "Active Directory" became the umbrella title of a broader range of directory-based services. According to Byron Hynes, everything related to identity was brought under Active Directory's banner. Active Directory Services consist of multiple directory services. The best known is Active Directory Domain Services, commonly abbreviated as AD DS or simply AD. Active Directory Domain Services (AD DS)

12099-400: Was reportedly broken by the release of Windows 3.11, prompting accusations of arbitrary changes to Windows in order to perpetrate "a deliberate act of Microsoft sabotage" against IBM's product. Released in 1994, OS/2 version 3.0 was labelled as OS/2 Warp to highlight the new performance benefits, and generally to freshen the product image. "Warp" had originally been the internal IBM name for

12210-416: Was simply Certificate Services. AD CS requires an AD DS infrastructure. Active Directory Federation Services (AD FS) is a single sign-on service. With an AD FS infrastructure in place, users may use several web-based services (e.g. internet forum, blog, online shopping, webmail) or network resources using only one set of credentials stored at a central location, as opposed to having to be granted

12321-535: Was used for the host PC used to control the Satellite Operations Support System equipment installed at NPR member stations from 1994 to 2007, and used to receive the network's programming via satellite. Although IBM began indicating shortly after the release of Warp 4 that OS/2 would eventually be withdrawn, the company did not end support until December 31, 2006, with sales of OS/2 stopping on December 23, 2005. The latest IBM OS/2 Warp version
