The most obvious use of a metadirectory is to synchronize passwords and user attributes among NOS directories (and/or enterprise messaging directories). More ambitious metadirectory plans include integrating those items with human resources systems, PBXes and other data sources to fully automate the flow of user and object information into and throughout the enterprise. The latest twist is to incorporate directory services and store more network-level information in the directory. Microsoft Corp.'s forthcoming Windows 2000 Active Directory Service (ADS), Novell's NDS and Zoomit Corp.'s VIA Server 2.0 all add IP and DNS management as integral functions of the directory.

The simplest metadirectory implementations can be easily achieved on a technical level: Synchronizing NDS and Windows NT/ Exchange users via NetVision Synchronicity, for example, does not take much technical effort. Larger organizations, however, should expect to face political, as well as technical, problems when they link various directories.

Metadirectories reflect real-world business events, such as hiring a new employee and subsequently establishing his or her server accounts. If your metadirectory plans include automating the integration of PBX and human-resources data into various network directories, you may cross sensitive political boundaries within your organization and find that you need a way to protect sensitive information, such as personnel data.

In addition, metadirectory solutions must address the age-old issues of matching data that doesn't have a common key. In the worst case, if an organization hasn't carefully maintained a unique user ID for each person, a single user may be represented by a different name in each directory. To deal with this, metadirectories such as Zoomit's VIA Server use a "join," where these dissimilar attributes are aliased to a single, logical representation of that user. Once these objects are joined, the metadirectory will propagate subsequent changes to all joined directory objects.

Furthermore, today's enterprise network is defined by small vendor-oriented camps, each sharing a common directory service. Novell and its partners use NDS, for example, while Microsoft BackOffice-certified applications are NT Domain-aware. This approach dramatically eases the management of multiple servers from the same vendor--all NetWare servers can be managed through NDS. However, a lack of cooperation among vendors may leave your organization managing one or more NDS trees, multiple NT Domains for simple file and print services, NDS-aware or NT BackOffice applications and possibly Unix NIS (Network Information Service) maps, a Lotus Notes directory and/or Netscape Communications Corp.'s standalone LDAP directory supporting SuiteSpot applications.