domain controller in the cloud for small office?

DustinB3403

@scottalanmiller said in domain controller in the cloud for small office?:

@dustinb3403 said in domain controller in the cloud for small office?:

In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?

Tie in? Samba does GPO exactly like any other AD does.

So there is a Group Policy Editor that operates on CentOS or something? (no windows involved)

scottalanmiller

@dustinb3403 said in domain controller in the cloud for small office?:

@scottalanmiller said in domain controller in the cloud for small office?:

@dustinb3403 said in domain controller in the cloud for small office?:

In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?

Tie in? Samba does GPO exactly like any other AD does.

So there is a Group Policy Editor that operates on CentOS or something? (no windows involved)

Nothing I said should lead you to ask that question. I think you are not clear on what GPO is.

scottalanmiller

GPO is handled identically on Samba as it is on MS AD. That alone should answer all questions. Any editor that works with MS AD with work with Samba, no editor can tell the difference, as they are identical.

scottalanmiller

@dustinb3403 said in domain controller in the cloud for small office?:

@scottalanmiller said in domain controller in the cloud for small office?:

@dustinb3403 said in domain controller in the cloud for small office?:

In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?

Tie in? Samba does GPO exactly like any other AD does.

So there is a Group Policy Editor that operates on CentOS or something? (no windows involved)

Why would you want this? He has Windows machines to manage, so why avoid the Windows desktop tools in a scenario that only works when you have Windows desktops?

DustinB3403

@scottalanmiller said in domain controller in the cloud for small office?:

@dustinb3403 said in domain controller in the cloud for small office?:

@scottalanmiller said in domain controller in the cloud for small office?:

@dustinb3403 said in domain controller in the cloud for small office?:

In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?

Tie in? Samba does GPO exactly like any other AD does.

So there is a Group Policy Editor that operates on CentOS or something? (no windows involved)

Nothing I said should lead you to ask that question. I think you are not clear on what GPO is.

My question was very clear, and you construed it to be something else.

Mike Davis

@scottalanmiller said in domain controller in the cloud for small office?:

Why would you want this? He has Windows machines to manage, so why avoid the Windows desktop tools in a scenario that only works when you have Windows desktops?

my Linux skills are weak, so I have no interest in using Linux.

Mike Davis

@scottalanmiller said in domain controller in the cloud for small office?:

GPO, Salt, JumpCloud, AzureAD, etc.

Hadn't heard of JumpCloud, but this may be the answer. 10 users free.

scottalanmiller

@dustinb3403 said in domain controller in the cloud for small office?:

@scottalanmiller said in domain controller in the cloud for small office?:

@dustinb3403 said in domain controller in the cloud for small office?:

@scottalanmiller said in domain controller in the cloud for small office?:

@dustinb3403 said in domain controller in the cloud for small office?:

In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?

Tie in? Samba does GPO exactly like any other AD does.

So there is a Group Policy Editor that operates on CentOS or something? (no windows involved)

Nothing I said should lead you to ask that question. I think you are not clear on what GPO is.

My question was very clear, and you construed it to be something else.

Yes, very clearly not connected to what I was talking about.

scottalanmiller

@mike-davis said in domain controller in the cloud for small office?:

@scottalanmiller said in domain controller in the cloud for small office?:

GPO, Salt, JumpCloud, AzureAD, etc.

Hadn't heard of JumpCloud, but this may be the answer. 10 users free.

They are on here, on SW, were at SpiceWorld with a booth, too. Seems like a cool product.

gjacobse

@mike-davis said in domain controller in the cloud for small office?:

@scottalanmiller said in domain controller in the cloud for small office?:

GPO, Salt, JumpCloud, AzureAD, etc.

Hadn't heard of JumpCloud, but this may be the answer. 10 users free.

I don't know the name either,.. and they seem like a good viable solution for 8 users..

Mike Davis

Just did the math for moving beyond 10 users. JumpCloud makes sense if you're under 14 users. Beyond that the $111 for Azure works out better.

NashBrydges

@mike-davis I've been using JumpCloud on Scott's recommendation from a few months ago. It's worked well for what I needed for my team but I don't have HIPAA requirements.

Reid Cooper

@mike-davis said in domain controller in the cloud for small office?:

@gjacobse said in domain controller in the cloud for small office?:

HIPAA security without it.

How do you create a password change policy that gets enforced without a domain controller?

Enforcement is always local, never from the controller. The Local Group Policy Editor is the standard tool for setting this on a Windows machine, or the Local Security Policy console.

With the LSP:

1. To open Local Security Policy, on the Start screen, type secpol.msc, and then press ENTER.
2. Under Security Settings of the console tree, do one of the following:
   • Click Account Policies to edit the Password Policy or Account Lockout Policy.
   • Click Local Policies to edit an Audit Policy, a User Rights Assignment, or Security Options.
3. When you find the policy setting in the details pane, double-click the security policy that you want to modify.
4. Modify the security policy setting, and then click OK.

With the LGPE

1. Open the Local Group Policy Editor (gpedit.msc).
2. In the console tree, click Computer Configuration, click Windows Settings, and then click Security Settings.
3. Do one of the following:
   • Click Account Policies to edit the Password Policy or Account Lockout Policy.
   • Click Local Policies to edit an Audit Policy, a User Rights Assignment, or Security Options.
4. In the details pane, double-click the security policy setting that you want to modify.
5. Modify the security policy setting, and then click OK.

Reference: https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/how-to-configure-security-policy-settings

Dashrender

You get baseline AzureAD by using O365 (anything other than hosted Exchange only). This is what I use at one of my clients, works great!

As for managing the machines, you can use Salt for that versus the expense of a Windows VM and licensing. though you'll have to learn Linux unless there is a Salt Master that runs on Windows - and then you're right back to the licensing issue.

Reid Cooper

@dashrender said in domain controller in the cloud for small office?:

You get baseline AzureAD by using O365 (anything other than hosted Exchange only). This is what I use at one of my clients, works great!

Does that allow for GPO? I think you still have to do GPO locally when using that. Which is fine, just use PS and you are done.

Reid Cooper

@dashrender said in domain controller in the cloud for small office?:

As for managing the machines, you can use Salt for that versus the expense of a Windows VM and licensing. though you'll have to learn Linux unless there is a Salt Master that runs on Windows - and then you're right back to the licensing issue.

I don't think that there is, but you can just run without a master.

Alex Sage

This post is deleted!

Mike Davis

@reid-cooper said in domain controller in the cloud for small office?:

Does that allow for GPO? I think you still have to do GPO locally when using that. Which is fine, just use PS and you are done.

What do you mean by "just use PS"? Is there a way to export a local group policy and push it to the rest of the machines so I don't have to log on to every desktop and do it manually?

Mike Davis

@dashrender said in domain controller in the cloud for small office?:

You get baseline AzureAD by using O365 (anything other than hosted Exchange only). This is what I use at one of my clients, works great!

I tried looking this up. Do I understand that you install the Azure AD Connect client on all the computers and it lets them sign in with their o365 credentials?

PenguinWrangler

@dustinb3403 said in domain controller in the cloud for small office?:

@scottalanmiller said in domain controller in the cloud for small office?:

@dustinb3403 said in domain controller in the cloud for small office?:

In line with this topic does SAMBA have some kind of tie in with GPO, where you can create / edit / delete GPO's from within SAMBA?

Tie in? Samba does GPO exactly like any other AD does.

So there is a Group Policy Editor that operates on CentOS or something? (no windows involved)

When you create a Samba 4 (SAMBA 4 is the key) domain, you can use the exact same tools to administer it that you would any Windows Domain controller. The caveat is it must be a Samba 4 Domain which is at a Windows 2008 functional level. You can open up RSAT on your Windows box and create new users, open up Group Policy and start pushing out GPOs. It is not hard at all, many many how-tos on how to do this. Here is one of the first links from Google.
https://www.howtoforge.com/tutorial/samba-4-domain-controller-installation-on-centos/