When do you need AD?
-
@Carnival-Boy said:
I was more thrown by your statement "Very little in the SMB space authenticates to AD. Not even Office365". I can't imagine having to support two user databases, one in AD and one in O365. That sounds like a nightmare to me.
Why is this hard to imagine? In my experience, very few applications used by an SMB tie in to AD. Generally, the biggest thing an SMB uses AD for is file share permissions followed by their email (Exchange). Generally these SMB have/had a SBS server. The next biggest thing I see AD used for is the accounting package, if it is beyond just QuickBooks.
From the IT side of the house, yes, there are many more uses of AD. But IT is an money black hole to most SMB owners (wrongly I might add, but still their opinion). So it becomes the job of the IT person to prove the cost effectiveness of having things like WSUS, GPO, etc.
-
Jared, what would you replace WSUS and GPOs with?
-
@Carnival-Boy said:
Interesting. What problems did you have?
I couldn't figure out how to save a newly created file directly back to Onedrive for Business, nor did I see how to share the files easily like my current local server based S: drive.
Granted I only spent about 20 mins working on it with a customer looking over my shoulder.
-
@Dashrender said:
I couldn't figure out how to save a newly created file directly back to Onedrive for Business, nor did I see how to share the files easily like my current local server based S: drive.
Granted I only spent about 20 mins working on it with a customer looking over my shoulder.
When you hit save as, you just pick the OneDrive location. If you don't have Office 2013, then you can find the OneDrive in the Favorites in windows 7 unless it was manually removed. If it was then it is in %HOMEPATH%
-
@Dashrender said:
Jared, what would you replace WSUS and GPOs with?
That comes down to the size of the business and what other things you have on the machines. Something like GFIMax will help with some of it. I personally would prefer to keep AD, but when it means you are buying a server and Windows Server license and setting up 2 VM's jsut for AD so you can have WSUS and GPO the cost/expense numbers get skewed.
-
@JaredBusch
You're saying two VM's because of the sync for O365, right? Otherwise you'd only need one.And in a situation where all of your other services are cloud based - the desktop model servers from HP are extremely inexpensive, so the cost is really not that bad.
-
I couldn't get a save as option like yours.. but again i haven't worked very hard on it yet.
We're on windows 8.1 for the testing I was doing if that make any difference, with Office 2013.
-
@Carnival-Boy said:
You're right. If everything is cloud based, there is little point in having AD. However, I've never come across an SMB that is in the position of having nothing on premise. Maybe in a micro-business, but any company with 30+ users I would expect to continue to need AD for some years. If a company was in that fortunate position, I would definitely go with Google Apps rather than O365.
I actually posed the same question on Spiceworks a couple of years ago, when I wrote "I'm starting to imagine what life would be like without Active Directory. I'm not there yet, but I can imagine it happening sooner rather than later." Two years on and I'm not really any closer.
I was more thrown by your statement "Very little in the SMB space authenticates to AD. Not even Office365". I can't imagine having to support two user databases, one in AD and one in O365. That sounds like a nightmare to me.
Most businesses, even the Fortune 100, have multiple user databases. Often many. SMBs are not well prepared for SSO. I'm not sure that I've ever worked anywhere with a single user database. And obviously anyone using Spiceworks has to have two or more.
-
Is SSO even something that is truly real?
I use Lastpass - for webpage it simulates SSO, but it's obviously not really SSO - it simply helps me with username/password management.
Am I correct in thinking SSO solutions do the same, when they work?
-
@Dashrender said:
Is SSO even something that is truly real?
SSO's real. In its purest sense, it's connecting systems together for authentication without further user interaction. An example would be using ADFS to facilitate a seamless login into a partner's extranet or binding Samba to LDAP. A step down is like DirSync where it synchronizes the second system's credentials with the first, allowing users to use the same user and password, even though each system is its own login.
The kicker is that some compliance needs prevent use of SSO for fear of a single username/password allowing for an attacker to be able to access nearly any system.
*Edited for spelling
-
@Dashrender said:
Is SSO even something that is truly real?
Very real and quite common. All larger firms I've worked with use them.
-
I suppose another form of SSO is Facebook/google/microsoft live (or whatever they are calling it today) logons... a single logon that allows a user to bounce from system to system.
Clearly I'm working in the wrong environments as I've never seen this outside of the above mentioned items.
-
@scottalanmiller said:
Most businesses, even the Fortune 100, have multiple user databases. Often many. SMBs are not well prepared for SSO. I'm not sure that I've ever worked anywhere with a single user database. And obviously anyone using Spiceworks has to have two or more.
Not that I've worked for, they don't. There are separate user accounts for various LOB applications, like payroll for example, but these aren't managed centrally by the IT department, they're user managed. But even then, AD sits behind it, because the programs and files are located on servers where access is controlled by AD. So even if someone knew the username and password for the payroll application, they couldn't even get to the sign-on screen without logging on with a valid AD account first. Application passwords are primarily about preventing internal users from access rather than preventing external attacks - so security is less of an issue than it is with AD, and hence can fall outside of the IT department's control.
-
@Dashrender said:
I couldn't get a save as option like yours.. but again i haven't worked very hard on it yet.
We're on windows 8.1 for the testing I was doing if that make any difference, with Office 2013.
My screenshot was from office 2013 on windows 8.1.
-
@JaredBusch said:
@Dashrender said:
I couldn't get a save as option like yours.. but again i haven't worked very hard on it yet.
We're on windows 8.1 for the testing I was doing if that make any difference, with Office 2013.
My screenshot was from office 2013 on windows 8.1.
Does one drive for business only show up if you are using the O365 version of office? I have the VL version of Office 2013 installed, and I don't currently see a way to open onedrive for business. I see onedrive there.
-
Nevermind solved that problem
I logged into my O365 in Word - now I see my SharePoint site, and my business OneDrive... and there is the personal one drive, but it wants me to log into that (seems odd).
Is there a way to get OneDrive for Business into Windows Explorer like there is for OneDrive for home users?
-
@Dashrender said:
Nevermind solved that problem
I logged into my O365 in Word - now I see my SharePoint site, and my business OneDrive... and there is the personal one drive, but it wants me to log into that (seems odd).
Is there a way to get OneDrive for Business into Windows Explorer like there is for OneDrive for home users?
Yes. You map Sharepoint drives. It's slightly different.
-
@Dashrender said:
Nevermind solved that problem
I logged into my O365 in Word - now I see my SharePoint site, and my business OneDrive... and there is the personal one drive, but it wants me to log into that (seems odd).
Is there a way to get OneDrive for Business into Windows Explorer like there is for OneDrive for home users?
Once you've opened a document from SharePoint, it should remember it.
-
@Dashrender said:
Nevermind solved that problem
I logged into my O365 in Word - now I see my SharePoint site, and my business OneDrive... and there is the personal one drive, but it wants me to log into that (seems odd).
Is there a way to get OneDrive for Business into Windows Explorer like there is for OneDrive for home users?
I had to do a bizarre dance to get ODfB to show up. Been rock solid since.
