    When do you need AD?

      JaredBusch @Carnival Boy

      @Carnival-Boy said:

      Don't you use AD to control access to your cloud applications? Or if you don't, how do you control and secure multiple cloud applications other than having to have a different user account and password for every application you use?

      Very little in the SMB space authenticates to AD. Not even Office365.

        technobabble @JaredBusch

        @JaredBusch Pretty much what I was thinking.

          technobabble @Carnival Boy

          @Carnival-Boy said:

          Don't you use AD to control access to your cloud applications? Or if you don't, how do you control and secure multiple cloud applications other than having to have a different user account and password for every application you use?

          Really small businesses are a weird animal, but sometimes there are times to bring AD controls for these offices. I will say I never thought there was another option to having different user account/password for every application.

            Carnival Boy @JaredBusch

            @JaredBusch said:

            Very little in the SMB space authenticates to AD. Not even Office365.

            Oh really? Why not? Does that not make user management and control a lot of hassle? Not a problem if you had half a dozen users, but if you had a 100, or even 50, I'd expect issues.

              JaredBusch @Carnival Boy

              @Carnival-Boy said:

              @JaredBusch said:

              Very little in the SMB space authenticates to AD. Not even Office365.

              Oh really? Why not? Does that not make user management and control a lot of hassle? Not a problem if you had half a dozen users, but if you had a 100, or even 50, I'd expect issues.

              It comes down to cost. The cost of setting up and maintaining something that is not really needed. A lot of SMB use QuickBooks for example. So if we assume they are on the hosted version now, that is tied to their Intuit username and password. There is no way to tie that to AD.

              A second example is Office 365. There is nothing to gain by having AD. Everything is shared with others via OneDrive and SharePoint. Additionally, to even connect Office 365 to an external AD controller takes a DC and a second server running the sync application. This is way more investment than is needed for pretty much any SMB that has moved hosted as per the topic subject.

                Carnival Boy

                I see. This may be a dumb question, but how do your users authenticate to Office 365 without AD? Do they have to login each time? Or do they login to AD and then use cached credentials to access O365?

                  scottalanmiller @Carnival Boy

                  @Carnival-Boy said:

                  Don't you use AD to control access to your cloud applications? Or if you don't, how do you control and secure multiple cloud applications other than having to have a different user account and password for every application you use?

                  That depends on the cloud app. Most don't integrate with AD. But you don't need AD. You have similar controls in the apps.

                  SSO applications can fix the multi login issues. Or something like KeePass.

                    scottalanmiller @JaredBusch

                    @JaredBusch said:

                    @Carnival-Boy said:

                    Don't you use AD to control access to your cloud applications? Or if you don't, how do you control and secure multiple cloud applications other than having to have a different user account and password for every application you use?

                    Very little in the SMB space authenticates to AD. Not even Office365.

                    Office 365 does.

                      scottalanmiller @Carnival Boy

                      @Carnival-Boy said:

                      @JaredBusch said:

                      Very little in the SMB space authenticates to AD. Not even Office365.

                      Oh really? Why not? Does that not make user management and control a lot of hassle? Not a problem if you had half a dozen users, but if you had a 100, or even 50, I'd expect issues.

                      It does. Two different options for it even.

                        IRJ

                        Frankly, if you can afford any type of IT support I think you should have AD. Group Policy makes setting standards and changes very easy. Not to mention other advantages like WSUS and package deployments.

                          Dashrender

                          I agree with IRJ - AD's biggest advantage is centralized management of end user workstations. Sure there are a handful of web clients that can do some of the features, but none that I'm personally aware of that do the same job as AD.

                          In a 20 or less, maybe those other tools are worthwhile, more than 20 - time to seriously consider AD still.

                          I really like the idea of using Pertino with an Azure server, I'm just not sure how it will handle deploying GPOs, etc.

                            JaredBusch @scottalanmiller

                            @scottalanmiller said:

                            @JaredBusch said:

                            @Carnival-Boy said:

                            Don't you use AD to control access to your cloud applications? Or if you don't, how do you control and secure multiple cloud applications other than having to have a different user account and password for every application you use?

                            Very little in the SMB space authenticates to AD. Not even Office365.

                            Office 365 does.

                            Office365 can integrate with AD, I never said that it did not. I said SMB did not. That said, I just checked again and the recently added Medium business plan under the SMB section of Office 365 does offer AD integration.

                            But my point still stands that it is a complete waste of money. You have to use DirSync and that means a minimum of two servers. One server to be the DC and a second server to run DirSync. Which means, no, you should not have AD in the SMB that is completely hosted.

                              alexntg @JaredBusch

                              @JaredBusch said:

                              @Carnival-Boy said:

                              Don't you use AD to control access to your cloud applications? Or if you don't, how do you control and secure multiple cloud applications other than having to have a different user account and password for every application you use?

                              Very little in the SMB space authenticates to AD. Not even Office365.

                              Some do use AD to authenticate to Office 365 using DirSync. It makes it a bit simpler for the users to have only one password for both their computer and their email.

                              It really comes down to a couple points. The first is topology. If it's a distributed environment with hosted resources, AD makes less sense, as it would require VPN (DirectAccess or otherwise) to manage the computers properly. The second point is the tech prowess of the user base. If they're good at taking care of their endpoints, AD's less of an issue. If they need help with passwords frequently and otherwise neglect their endpoints, AD's the way to go.

                              Edit: Jared gave more detail before I could post this. Friends don't let friends use O365 SMB tenants.

                                scottalanmiller @JaredBusch

                                @JaredBusch said:

                                @scottalanmiller said:

                                @JaredBusch said:

                                @Carnival-Boy said:

                                Don't you use AD to control access to your cloud applications? Or if you don't, how do you control and secure multiple cloud applications other than having to have a different user account and password for every application you use?

                                Very little in the SMB space authenticates to AD. Not even Office365.

                                Office 365 does.

                                Office365 can integrate with AD, I never said that it did not. I said SMB did not. That said, I just checked again and the recently added Medium business plan under the SMB section of Office 365 does offer AD integration.

                                But my point still stands that it is a complete waste of money. You have to use DirSync and that means a minimum of two servers. One server to be the DC and a second server to run DirSync. Which means, no, you should not have AD in the SMB that is completely hosted.

                                One Windows license gives you two VMs though. So that works out.

                                  JaredBusch @scottalanmiller

                                  @scottalanmiller said:

                                  One Windows license gives you two VMs though. So that works out.

                                  I agree with that statement, but the point of the original question was whether or not to keep AD when there was no other use for an on site server. Thus my answer of no, do not keep AD as it is a waste of money. The offset to that is how much time (and thus money) do you think having AD can save by giving you GPO and such.

                                    Carnival Boy

                                    You're right. If everything is cloud based, there is little point in having AD. However, I've never come across an SMB that is in the position of having nothing on premise. Maybe in a micro-business, but any company with 30+ users I would expect to continue to need AD for some years. If a company was in that fortunate position, I would definitely go with Google Apps rather than O365.

                                    I actually posed the same question on Spiceworks a couple of years ago, when I wrote "I'm starting to imagine what life would be like without Active Directory. I'm not there yet, but I can imagine it happening sooner rather than later." Two years on and I'm not really any closer.

                                    I was more thrown by your statement "Very little in the SMB space authenticates to AD. Not even Office365". I can't imagine having to support two user databases, one in AD and one in O365. That sounds like a nightmare to me.

                                      alexntg

                                      NTG's actually a good example of a company that doesn't need AD. Everything's handled via Office 365, and the end users are more than capable of caring for their devices.

                                        Dashrender

                                        Along the same lines of this discussion - and I'll create a new one if needed - What do you do about shared files?

                                        I looked into what it takes to use OneDrive for Business as a sole shared 'network' location for files - man it didn't go well. I have a requirement of still using locally installed Office apps, not web apps.

                                          Carnival Boy

                                          Interesting. What problems did you have?

                                            JaredBusch @Carnival Boy

                                            @Carnival-Boy said:

                                            I was more thrown by your statement "Very little in the SMB space authenticates to AD. Not even Office365". I can't imagine having to support two user databases, one in AD and one in O365. That sounds like a nightmare to me.

                                            Why is this hard to imagine? In my experience, very few applications used by an SMB tie in to AD. Generally, the biggest thing an SMB uses AD for is file share permissions followed by their email (Exchange). Generally these SMB have/had an SBS server. The next biggest thing I see AD used for is the accounting package, if it is beyond just QuickBooks.

                                            From the IT side of the house, yes, there are many more uses of AD. But IT is a money black hole to most SMB owners (wrongly I might add, but still their opinion). So it becomes the job of the IT person to prove the cost effectiveness of having things like WSUS, GPO, etc.
