Philip Kerr's 1998 novel, "The Second Angel," is set in the year 2069, the
centennial of the first manned lunar landing--and Bill Gates is still alive.
One character in the book speculates that Gates is being kept alive, at the age
of 113, in suspended animation. A science fiction writer would not need to look
70 years ahead to imagine a time when Microsoft's (or Gates') preeminence may be
near its end.
In fact, many people have suggested that Microsoft is in the fight of its life
right now.
Not long ago, I had an idea that Kerr might be too optimistic about Microsoft's
future--but I didn't think the Justice Department's antitrust suit would prove to
be the death of Microsoft. At that time, the conventional wisdom suggested that
the most likely punishment would take the form of a fine and/or compensatory
damages--and even a record-setting fine would quickly be overtaken by Microsoft's
steady earnings.
It now appears that "wisdom" was wrong, as Justice will clearly seek (if not
achieve) the separation of Microsoft into two independent corporations.
This breakup, if it occurs, will throw the software industry into a spin with no
certain outcome. (True story: Three days before the Justice Department's
recommendations leaked, a Microsoft executive scoffed when I asked if there was
any chance of a breakup.)
Yet Microsoft has another fight going on--one in the conference room, not the
courtroom. It has made an important financial and strategic investment ("We bet
the company," in the words of CEO Steve Ballmer) to develop Windows 2000,
intended to ensure its future as an industrial-strength operating system. The
early returns are in, and from a technical perspective, the new technology looks
a bit uneven. Regardless, Microsoft seems to be trying to engineer a landslide in
its favor.
In some ways, Windows 2000 (henceforth "Win2K") is not new. Until last spring, we
were still calling it NT 5.0, and it does build on the desktop and server
operating system Microsoft has been marketing (with accelerating success) since
1993. The critical difference in Win2K is that it incorporates a directory
service, Active Directory service (AD).
A directory service, defined broadly, is a database of information about computer
data itself, including the physical locations where data is stored, and who is
authorized to use it. Directories also include critical information about those
users, as well as network resources, and control of administrative functions--in
short, all security information.
Directories are becoming pretty critical in the management of corporate computer
resources: A good directory can become the authority for logging users in to
multiple types of systems and organizing shared resources, as well as a
storehouse for data controlling client/server applications.
Prior versions of NT had a sort of directory. It was relatively limited in its
capabilities, totally proprietary, and lacked flexibility because its structure
could not truly be designed, but was dictated by placement of servers.
AD is meant to overcome those limitations. It replaces many elements of NT's
excuse for a directory, server-based domains, with a directory based upon an
Internet standard, Lightweight Directory Access Protocol (LDAP). It overcomes the
limits on database size and number of users, factors that made NT seem weak and
unwieldy to customize, and offers a schema for defining enterprise-wide data
formats that can be tapped by applications.
The list of AD benefits touted by Microsoft goes on and on. Unfortunately, some of
those features don't quite stand up to scrutiny.
Consider one of the long-awaited fixes of NT that AD is supposed to provide,
eliminating dependency on a single Primary Domain Controller server (PDC), a
scenario that could bottleneck administration and security updates if it failed.
Microsoft boasts that AD is a multiple-master system because AD updates can
originate at any domain control server.
This is true, but AD has divided directory functions into several components, and
has quietly defined terms like Schema Master server, Domain Naming Master, and
PDC Emulator. There are five critical directory functions that are focused on a
single Win2K server. Yes, I said single, as in single-master system--or single
point of failure.
Is this nit-picking? Yes, arguably. And though this kind of nit, and others like
it, are potentially problematic, they are bearable, especially if Microsoft soon
corrects them in the next point release of Windows 2000. Provided there is
another release.
Another Microsoft claim about AD, and one of the most important, is that its
directory schema is flexible and extensible. Given sufficient permissions, the
directory schema can be updated by individuals or by programs, such as
application-installation programs. Since the schema is usually enterprise-wide,
and is replicated between servers (at some network bandwidth cost), powerful
control of it is critical.
It turns out that Microsoft is half-correct regarding the AD schema. It is
extensible, but not too flexible: Objects added to the schema can never be
removed, only deactivated--at least in this release.
That's the qualifier for most current problems with AD: In this release. In its
very first version, AD isn't the best enterprise directory. Heck, who would
expect such a complex product to be perfect in version 1.0? In truth, AD has a
lot of strengths, and its problems can probably be fixed with further experience
by its developers.
What galls many corporate IT professionals is Microsoft's refusal to acknowledge
that AD has any need for improvement. In its arrogance, Microsoft has launched a
campaign to convince decision-makers that AD is the best enterprise directory
service, right out of the chute.
A former employee of one of the large companies that became an early adopter of
Win2K and AD recently told me, "Microsoft's salespeople started at the top,
selling AD to senior managers who didn't know what a directory was or whether we
already had one. By the time the people who have to implement this decision got a
chance to ask questions, the decision was made."
These marketing strategies put Microsoft at risk of losing the support of
technical managers and implementers who have traditionally been some of its
strongest supporters. Ironically, these techies are the types who normally might
not care so much about a vendor's legal hassles or market share.
If the executive-level decision makers who have bought Microsoft's pitch now
decide to pull the reins back on their conversion to Win2K in the light of the
antitrust suit, the technical weaknesses of Active Directory may yet have a
chance to be aired.
Joe Rudich is a network administrator with the St. Paul Companies
in St. Paul, Minn.