Differences: Windows Active Directory and Novell Directory Services
Donnie Hamlett
Technology Specialist
Microsoft – New York
Agenda
• Introduction
• X.500 Directories, History and Terminology
• X.500 Implemented with AD and NDS
• Objects
• Networking and Services
• LDAP
• Directory Design and Partitioning the Directory
• Programming
• Summary
Introduction
• Purpose of this session is to get a thorough understanding of the basic differences between the Windows 2000 AD and Novell NDS.
X.500 History
• X.500 is the standard produced by the ISO/ITU defining the protocols and information model for a directory service that is independent of computing application and network platform
  • X.509 Authentication Framework is a series of standards that describes the use of digital certificates and PKI
  • X.525 Replication
• First released in 1988 and updated in 1993 and 1997
• The X.500 standard defines a specification for a rich, distributed directory based on hierarchically named information objects (directory entries) that users can browse and search
• X.500 – Glorified, very logical, electronic yellow pages for X.400 messaging systems
X.500 Fundamentals
• DIB - Directory Information Base
  • The actual database(s) that store(s) the entries in the directory service
• DIT - Directory Information Tree
  • Dictated by the database schema to present a hierarchical tree of objects
[Diagram labels: DIB, DIT]
X.500 Schema
• Design of the directory store. Defines objects, attributes, and system information
• Object Classes
  • Define the kinds of objects that can be instantiated in the directory
  • Define the rules for an object
  • Define the attributes that are intended for the object
[Diagram labels: DIB, Object, Attribute]
X.500 Objects
• Specific entries in the directory store
  • Are composed of attributes
• Attributes
  • Describe certain aspects of the object
• USER OBJECT attributes: First Name, Last Name, Phone Number, Address
[Diagram labels: DIB, Object, Attribute]
X.500 Directory Services
• DSA - Directory System Agent
  • The actual process client applications bind to to search the directory
  • Utilizes DSP - Directory System Protocol
• DUA - Directory User Agent
  • Client process that binds to a DSA to retrieve information from the directory
  • Utilizes the Directory Access Protocol
• Access Protocols
  • DAP – Directory Access Protocol
  • LDAP – Lightweight Directory Access Protocol, developed because DAP is bulky and it didn’t lend itself to the internet.
[Diagram labels: DAP, LDAP]
X.500 Directory Services
• Hierarchy
  • Representation of data in the directory.
  • Is easier to use than flat systems
• Defined in X.500
  • (Root)
  • DC – Domain Component
  • C – Country
  • L - Locality
  • O – Organization
  • OU – Organizational Unit
  • CN – Common Name
• Distinguished Name defines the name and location in the DIT
• Relative Distinguished Name
  • Uses a reference point
  • Partial name
[Diagram: directory tree with nodes C = US, O = Microsoft, OU = Development, OU = Sales, CN = Kevin, CN = Mike, CN = Thomas]
O=US, O=Microsoft, OU=Development, CN=Thomas
X.500 Implemented with AD and NDS
• No one used the full set of X.500 definitions to design their directory service.
• Everyone has their own proprietary take on how X.500 is implemented.
Differences – X.500 Names
• Both Novell and AD use X.500 name schemes but they do not implement all of them.
• Active Directory
  • DC
  • OU
  • CN
• Novell Directory Service
  • C
  • O
  • OU
  • CN
Differences – Objects
• Windows – Static Inheritance
  • More weight on directory at creation, write intensive
  • All ACEs are contained within the object
  • Larger objects increase the size of the DIB
  • Rights controlled by groups
• Novell – Dynamic Inheritance
  • When the object is called you must aggregate its rights by walking the tree
  • More weight on the directory when read
  • Rights controlled by OUs (also groups)
  • Must tree walk – this can go across WAN – bad
Object Access
• Access to directory objects is controlled via Access Control Lists (ACLs)
• Fine granularity is provided by Access Control Entries (ACEs) that apply to specific attributes
[Diagram: a Directory Object with its ACL; an ACE grants Sales Managers read access; ACEs can apply to specific attributes]
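The static and dynamic inheritance models and the attribute-scoped ACE from the two slides above, as an added sketch that is not code from the presentation, Active Directory or NDS. The tree, the attribute names and every function name are constructed for illustration; the sketch counts objects written at grant time and objects read at check time under each model.

```python
# Added illustration: a toy directory tree, not Active Directory or NDS code.
# All names (Node, ACE, grant_static, ...) and the sample tree are constructed.
from collections import namedtuple

# attribute "*" means the ACE covers every attribute of the object
ACE = namedtuple("ACE", "trustee right attribute")

class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.children, self.acl = [], []

    def add_child(self, name, static=False):
        child = Node(name, self)
        if static:
            # Static model: inherited ACEs are copied in at creation time.
            child.acl = list(self.acl)
        self.children.append(child)
        return child

def grant_static(container, ace):
    """Stamp the ACE on the container and every descendant; return objects written."""
    written, stack = 0, [container]
    while stack:
        node = stack.pop()
        node.acl.append(ace)
        written += 1
        stack.extend(node.children)
    return written

def grant_dynamic(container, ace):
    """Store the ACE on the container only; return objects written."""
    container.acl.append(ace)
    return 1

def _grants(acl, groups, right, attribute):
    return any(a.trustee in groups and a.right == right
               and a.attribute in ("*", attribute) for a in acl)

def check_static(obj, groups, right, attribute):
    """Read only the object's own ACL; return (allowed, objects_read)."""
    return _grants(obj.acl, groups, right, attribute), 1

def check_dynamic(obj, groups, right, attribute):
    """Aggregate rights by walking to the root; return (allowed, objects_read)."""
    allowed, read, node = False, 0, obj
    while node is not None:
        allowed = allowed or _grants(node.acl, groups, right, attribute)
        read += 1
        node = node.parent
    return allowed, read

def build_tree(static):
    root = Node("O=Example")
    sales = root.add_child("OU=Sales", static)
    dev = root.add_child("OU=Development", static)
    users = [sales.add_child("CN=user%d" % i, static) for i in range(3)]
    dev_user = dev.add_child("CN=dev0", static)
    return sales, users, dev_user

def compare():
    ace = ACE("Sales Managers", "read", "telephoneNumber")
    groups = {"Sales Managers"}
    out = {}
    for model, grant, check in (("static", grant_static, check_static),
                                ("dynamic", grant_dynamic, check_dynamic)):
        sales, users, dev_user = build_tree(model == "static")
        out[model] = {
            "objects_written": grant(sales, ace),
            "phone": check(users[0], groups, "read", "telephoneNumber"),
            "address": check(users[0], groups, "read", "homeAddress"),
            "other_ou": check(dev_user, groups, "read", "telephoneNumber"),
            "late_joiner": check(sales.add_child("CN=new", model == "static"),
                                 groups, "read", "telephoneNumber"),
        }
    return out

if __name__ == "__main__":
    for model, result in compare().items():
        print(model, result)
```

Both models reach the same access decision; what differs is where the cost falls, on the grant (static) or on every check (dynamic).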
Global Data Availability - Catalogs
• Active Directory Catalogs:
  • Enable efficient cross-domain data sharing
  • Use the same set-up tools as replicas
  • Use same replication mechanisms and the same interval as domain replicas
  • Enforce object and attribute level security
[Diagram: Windows 2000 Forest with domains acme.com, asia.acme.com, europe.acme.com and xyx.com, and Catalog markers (legend: Global Catalog Replica)]
Global Data Availability - Catalogs
• NDS Catalogs:
  • Are based on periodic ‘dredging’
  • Occur only at scheduled 1-7 day intervals
  • Users are granted/denied access to entire catalog – no attribute/object-level security
  • Are being completely redesigned...
[Diagram: Dredger processes and the locations San Diego, Chicago and Boston]
Differences – Networking and Services
• Active Directory
  • Based on TCP/IP
  • DNS Server Resource Records (MX-Record)
  • LDAP for internal searches, each object has a unique GUID (example on following page)
  • All Domain Controllers are native LDAP Servers
  • Integrates with DNS
• NDS
  • Originally based on IPX/SPX
    • Service Advertising Protocol (SAP) to advertise services
  • Implemented in TCP/IP with
    • Service Location Protocol (SLIP), also advertisement based
    • SLIP does not integrate with DNS, proprietary
  • When implemented together reduces network performance because routers must support RIP that allows for both SLIP and SAP protocols
  • Not a native LDAP Server – it has an LDAP interface that translates LDAP requests to native NDAP protocols
Active Directory
Global namespace = DNS + LDAP Directories
[Diagram: DNS namespace tree with labels com, microsoft, edu, stanford, courses, aVendor, music, students; entries sarahj, thorj, Vera Kark, MargretJ; Domain: stanford.edu, Domain: aVendor.com, Domain: microsoft.com]
Internet Standards Support - LDAP
Active Directory vs. NDS – LDAP Search
[Chart: Base Search, LDAP Searches/Second (axis 0 to 4,000) by Processors (UP, 2P, 4P); series NDS 8 on Netware and Active Directory; data labels 578, 1,162, 608, 2,047, 608, 3,676; annotated "Better"]
                                  NDS          Active Directory
LDAP Requests Processed           Translated   Natively
Services Published through LDAP   Limited      All
• Active Directory is a faster & more interoperable LDAP Server
Differences - Design
• Active Directory
  • Partition the directory by Domain
  • Different Administrative view and Replication view
    • Domain
    • Site
      • Replication occurs via sites (IP subnets of good connectivity)
  • A server can only host one Domain partition
  • Multi-master replication
    • Uses Update Sequence Numbers to prevent corruption
  • Replication is controlled and easy to configure
  • A Domain can efficiently span multiple sites
Replication
• What is Replicated? – only changes are replicated
  • Directory Information
  • Configuration
  • Schema
• There are two forms of replication
  • Intrasite Replication
  • Intersite Replication
• Knowledge Consistency Checker
  • Automatically configures and checks topology for the most efficient replication
• Tools
  • Sites and Services MMC snap-in
  • Replmon
Sites
• A Site separates the network's physical topology from Active Directory's logical view of the network
• A Site is an area of “good connectivity”
• A Site is a collection of subnets
• All directory replication is controlled via Sites
• A Site can be composed of multiple Domains
• Clients discover their site based on the subnet mask received from DHCP (or hand-configured)
• Basis for locality-based resource discovery
Intrasite Replication
• Automatically configured for you
• Replication occurs whenever there is a directory change or an interval of ~7 minutes
• Not compressed
• Not easily controllable
[Diagram: Intra-Site Replication between Domain Controllers]
Intersite Replication
• Compressed 10-1
• Configurable
• Scheduled (15 minutes – 3 hours)
• RPC or SMTP
• Site Links
• Site Bridges
[Diagram: Inter-Site Replication between Domain Controllers in Site 1 and Site 2]
Site Links
• Represents the Priority of Replication Traffic Between the Sites Identified in the Site Link
  • Higher Cost Numbers Represent Lower Priority Replication Paths
• Control Topology by Setting the Costs on Site Links
• Control the Replication Frequency by Setting the Number of Minutes Between Replication Attempts
• Control Link Availability Using the Schedule on Site Links
• Can link multiple sites to create a controlled path of replication called a Site Bridge
Site Links and Bridges
[Diagram: Site X, Site Y and Site Z with Site Link XY, Site Link YZ and Site Link Bridge XYZ]
Architecture Replication
[Diagram: replicas R1, R2 and R3 after replication, each labelled with the USNs it holds, drawn from R1 USN:5, R2 USN:305 and R3 USN:62]
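How "only changes are replicated" and "Uses Update Sequence Numbers" fit together, as an added sketch that is not code from the presentation or from Active Directory. The class, its method names, the sample keys and the (version, origin) conflict rule are assumptions of this sketch; the starting counters are constructed so the three writes land on the USNs shown in the diagram.

```python
# Added illustration: a toy multi-master store, not Active Directory code.
# Replica, pull_from and the (version, origin) tie-break are assumptions of this sketch.

class Replica:
    def __init__(self, name, usn=0):
        self.name = name
        self.usn = usn   # local update sequence number, bumped on each originating write
        self.log = []    # every change held: (origin, origin_usn, key, version, value)
        self.data = {}   # key -> (version, origin, value)
        self.seen = {}   # origin replica -> highest origin USN applied here

    def write(self, key, value):
        """Originating write: take the next local USN and bump the key's version."""
        self.usn += 1
        version = self.data[key][0] + 1 if key in self.data else 1
        self._apply((self.name, self.usn, key, version, value))

    def _apply(self, change):
        origin, usn, key, version, value = change
        self.log.append(change)
        self.seen[origin] = max(self.seen.get(origin, 0), usn)
        current = self.data.get(key)
        # Assumed conflict rule: higher version wins, origin name breaks ties.
        if current is None or (version, origin) > current[:2]:
            self.data[key] = (version, origin, value)

    def changes_since(self, vector):
        """Changes whose origin USN is above what the caller has already seen."""
        return [c for c in self.log if c[1] > vector.get(c[0], 0)]

    def pull_from(self, partner):
        """Ask the partner only for unseen changes; return how many were sent."""
        changes = sorted(partner.changes_since(self.seen), key=lambda c: c[:2])
        for change in changes:
            self._apply(change)
        return len(changes)

def run_demo():
    # Starting counters are constructed so the writes land on the slide's USNs.
    r1, r2, r3 = Replica("R1", 4), Replica("R2", 304), Replica("R3", 61)
    r1.write("CN=Kevin/phone", "555-0101")    # R1 USN 5
    r2.write("CN=Mike/phone", "555-0102")     # R2 USN 305
    r3.write("CN=Thomas/phone", "555-0103")   # R3 USN 62
    first_round = [r2.pull_from(r1), r3.pull_from(r2),
                   r1.pull_from(r3), r2.pull_from(r1)]
    second_round = [r2.pull_from(r1), r3.pull_from(r2), r1.pull_from(r3)]
    return (r1, r2, r3), first_round, second_round

if __name__ == "__main__":
    replicas, first_round, second_round = run_demo()
    print(first_round, second_round, replicas[0].seen)
```

Once every replica's `seen` table matches, a further pull transfers nothing, which is the property that keeps repeated replication cycles cheap and stops a change from being applied twice.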
Sites and the AD
[Diagram: domains Microsoft, HR, Sales, MSNA and Europe; domain controllers MSHQ1, MSHQ2, MSHQ3, HR1, HR2, Sales1, Sales2, Sales3, MSNA1, MSNA2, EURO1 and EURO2 distributed across Site Redmond, Site Seattle and Site Paris]
Operation Masters
• These Roles are
  • Recoverable – Recovery Console
  • Transferable – Command Line
• These are the following Roles
  • RID Master – one per domain, controls relative IDs
  • PDC Emulator – one per domain, allows password updates and backwards compatibility with NT 4.0 BDCs
  • Infrastructure Master – one per domain, updates group and user information when changes are made
  • Schema Master – one per forest, controls schema updates
  • Domain Naming Master – one per forest, controls all additions and removals of domains
Differences - Design
• NDS
  • Partition the directory by OU
  • OUs are tied to physical locations
  • Multimaster replication
  • A server can host multiple partitions
  • Replication occurs via time stamps
  • Replication is very difficult to configure and is not controllable
  • It is not recommended to have OUs span physical boundaries
Global Data Availability - Searches
• Active Directory:
  • Partitions map to Windows 2000 domains
  • Partitions can span many sites and WAN links
  • Optimizes replication automatically between sites and over slow network links
  • Impact: Faster and more complete searches
[Diagram: a Windows 2000 Domain with AD Replicas labelled Boston, San Diego and Chicago, linked by Replication; query Find: ‘All Bobs’ and its Answer]
Global Data Availability - Searches
• NDS Version 8:
  • Partitions cannot span WAN links . . . easily
  • Replication does not occur on an inter-site basis
  • Cross-location searches must ‘tree walk’
  • Impact: Slower and less complete searches; more network traffic
[Diagram: an NDS Tree with NDS Servers labelled Boston, San Diego and Chicago, connected over WAN links; query Find: ‘All Bobs’ and its Answer]
Global Data Availability - Replication
[Diagram: Active Directory and NDS replication topologies, each across Site 1 and Site 2 joined by a WAN; legend: R = Replica, B = Bridgehead Server, Connection]
• NDS: 90 Connections; 25 WAN crossings
• Active Directory: 13 Connections; 1 WAN crossing
Internet Standards Support - PKI
[Diagram labels: Windows 2000, File System, Kerberos, Smart Card, X.509/PKI Certificates, Authentication, Authorization, Active Directory]
• Active Directory Advantages:
  • Better PKI Management
    • integrated key recovery mechanism and revocable certificates
    • web-based access and management
    • integrated client-side distribution of keys
  • Comprehensive OS Integration (IIS, EFS, IPSec)
  • Application Integration (CryptoAPI)
Internet Standards Support - Summary
• Active Directory
  • Native LDAP server
  • Full namespace integration with DNS
  • Integrated support for PKI technologies
• NDS
  • LDAP requests are translated
  • No Namespace Integration with DNS
  • Limited Integration with PKI
Application Integration
• Active Directory Services Interface
  • Provides a consistent, simple way for COM-enabled apps to access directory services
  • Usable for any LDAP server (including NDS)
  • Leverages COM Windows Development tools
  • Greatly simplifies development of directory-enabled applications
[Diagram labels: Application, ADSI, Active Directory, NT-DS, LDAP, NDS; Application, ADO, OLE DB, Databases]
Application Integration
• Active Directory enables powerful directory-enabled applications
  • Group Policy Integration
  • Service Publication
  • Directory Object Extension
  • ADSI Extension Model
  • Active Directory Class Store
• AD-enabled Applications
  • Baan, J.D. Edwards, SAP, Cisco & others
  • BackOffice 2000, MSMQ, MTS and most others
Application Integration - Summary
• Windows 2000 & Active Directory
  • COM, ADSI, Logo programs
  • LDAP-based access to all features
  • Rich Development Environment (VB, C++, Java)
  • Supports Distributed Applications over WANs
  • Large ISV Support: 8,000+ Windows Applications
• NetWare & NDS
  • ADSI support not available on NetWare
  • Incomplete LDAP-based access to NDS features
  • Java-only development environment
  • Partitions limit application functionality
  • Poor ISV Support - GroupWise not even NDS-enabled
Active Directory vs. NDS
Comparison                       Active Directory   NDS Version 8
Storage technology               Indexed            Indexed
Max objects/partition            Millions           Millions
Partition Boundary               Geo/Political      WAN
Partition-spanning groups?       Yes                Not Advised
Same store for catalogs?         Yes                No
Catalog update interval          Continuous         Scheduled
Attribute security in catalog?   Yes                No
Native LDAP support?             Yes                No
Global change LDAP interface?    Yes                No
DNS naming integration           Yes                No
Integrated PKI support?          Yes                No
ADSI provider support?           Yes                Yes*
Java Support                     Yes (JADSI)        Yes (JNDI)
VB, C, C++ Support               Yes                No
Interoperability Tools           Yes                No
* Not available to NetWare applications
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2000 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Where do you want to go today?, Windows, the Windows logo and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.