domain controller in the cloud for small office?
-
@dashrender said in domain controller in the cloud for small office?:
@dustinb3403 said in domain controller in the cloud for small office?:
@penguinwrangler Why are you ripping out what is in place, isn't he licensed for it all currently?
I get his budget is being cut, but that doesn't affect what the school district already has deployed.
When was the last time Novell eDirectory was updated? He might simply be trying to modernize.
True. I was just asking though.
-
@dashrender said in domain controller in the cloud for small office?:
No, Windows 10 will join an Azure AD just like it joins a local onsite AD. Then any users in your O365 system can log into the computers.
I'll have to find a spare Windows 10 box so I can run through the "Join this device to Azure Active Directory" wizard. I have a spare Windows 7 box on my bench, but Windows 7 is not supported.
-
I found this chart of features:
https://azure.microsoft.com/en-us/pricing/details/active-directory/
It looks like:
MDM auto-enrollment, Self-Service Bitlocker recovery, Additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming is available in the Premium P1 and up. $6/user/month
At that price the $26/month domain controller running on Vultr looks like a pretty good deal. Combine it with ZeroTier and I should be all set.
-
@dustinb3403 said in domain controller in the cloud for small office?:
@penguinwrangler Why are you ripping out what is in place, isn't he licensed for it all currently?
I get his budget is being cut, but that doesn't affect what the school district already has deployed.
His renewal is coming up soon, that is why we are replacing it.
-
@penguinwrangler said in domain controller in the cloud for small office?:
@dustinb3403 said in domain controller in the cloud for small office?:
@penguinwrangler Why are you ripping out what is in place, isn't he licensed for it all currently?
I get his budget is being cut, but that doesn't affect what the school district already has deployed.
His renewal is coming up soon, that is why we are replacing it.
Ah.
As to the next question, why aren't you implementing NethServer and Samba 4 from there?
-
@dustinb3403 said in domain controller in the cloud for small office?:
@penguinwrangler said in domain controller in the cloud for small office?:
@dustinb3403 said in domain controller in the cloud for small office?:
@penguinwrangler Why are you ripping out what is in place, isn't he licensed for it all currently?
I get his budget is being cut, but that doesn't affect what the school district already has deployed.
His renewal is coming up soon, that is why we are replacing it.
Ah.
As to the next question, why aren't you implementing NethServer and Samba 4 from there?
Because Samba 4 domain on a CentOS server without all the extra NethServer stuff is slimmer and runs better. Also it is just as easy to administer.
-
@penguinwrangler said in domain controller in the cloud for small office?:
@dustinb3403 said in domain controller in the cloud for small office?:
@penguinwrangler said in domain controller in the cloud for small office?:
@dustinb3403 said in domain controller in the cloud for small office?:
@penguinwrangler Why are you ripping out what is in place, isn't he licensed for it all currently?
I get his budget is being cut, but that doesn't affect what the school district already has deployed.
His renewal is coming up soon, that is why we are replacing it.
Ah.
As to the next question, why aren't you implementing NethServer and Samba 4 from there?
Because Samba 4 domain on a CentOS server without all the extra NethServer stuff is slimmer and runs better. Also it is just as easy to administer.
Makes sense, just confirming.
-
@mike-davis said in domain controller in the cloud for small office?:
@dashrender said in domain controller in the cloud for small office?:
You get baseline AzureAD by using O365 (anything other than hosted Exchange only). This is what I use at one of my clients, works great!
I tried looking this up. Do I understand that you install the Azure AD Connect client on all the computers and it lets them sign in with their o365 credentials?
No, you just use AzureAD. There is nothing to install.
-
@mike-davis said in domain controller in the cloud for small office?:
@penguinwrangler said in domain controller in the cloud for small office?:
When you create a Samba 4
If you have the CentOS box in the cloud, are you running a site to site VPN directly to the CentOS box from the router onsite and setting the clients to use the CentOS box for DNS?
Samba AD is identical to Windows AD. So you do everything the same, just at lower cost.
-
@penguinwrangler said in domain controller in the cloud for small office?:
My friend who is a tech director for my kids school is having his budget slashed by a superintendent who doesn't think that much of technology. About 750 kids in the district (rural area) he has about 400-500 machines to manage. His budget is $20,000 for the year. So we are moving him to all open source. Moving from Novell eDirectory to a Samba 4 domain. Doing anything and everything to save him money.
If he wasn't using open source and was wasting money before, I'd not have thought much of technology either. Still running Novell in this day and age? I'm often a proponent of lowering school IT budgets, the overspend that they do is absurd - to the point that the extra money often causes more issues than it solves.
-
@mike-davis said in domain controller in the cloud for small office?:
spare Windows 7 box on my bench, but Windows 7 is not supported.
Nope, but you can upgrade it for free to Windows 10... so there you go.
-
@mike-davis said in domain controller in the cloud for small office?:
@dashrender said in domain controller in the cloud for small office?:
That said, Passwords being the main thing that @Mike-Davis asked about, that's handled through O365 itself, no GPOs needed.
This is true. o365 admin center lets you create password change policies. If the Azure AD will let me create shares based on o365 usernames, I'll be all set.
Shares? From what server?
-
@dashrender said in domain controller in the cloud for small office?:
@penguinwrangler said in domain controller in the cloud for small office?:
My friend who is a tech director for my kids school is having his budget slashed by a superintendent who doesn't think that much of technology. About 750 kids in the district (rural area) he has about 400-500 machines to manage. His budget is $20,000 for the year. So we are moving him to all open source. Moving from Novell eDirectory to a Samba 4 domain. Doing anything and everything to save him money.
In all seriousness, $20K may or may not be enough for this particular year - we really don't know. One thing we do know, that would be enough to replace only about 20 PCs (30 if you scrimp), so let's hope for his sake that he doesn't need to replace much equipment.
$20K should go a lot farther than that with PCs. Forty at a minimum. $500 for a desktop is a lot in a school setting.
-
@penguinwrangler said in domain controller in the cloud for small office?:
@dashrender said in domain controller in the cloud for small office?:
@penguinwrangler said in domain controller in the cloud for small office?:
My friend who is a tech director for my kids school is having his budget slashed by a superintendent who doesn't think that much of technology. About 750 kids in the district (rural area) he has about 400-500 machines to manage. His budget is $20,000 for the year. So we are moving him to all open source. Moving from Novell eDirectory to a Samba 4 domain. Doing anything and everything to save him money.
In all seriousness, $20K may or may not be enough for this particular year - we really don't know. One thing we do know, that would be enough to replace only about 20 PCs (30 if you scrimp), so let's hope for his sake that he doesn't need to replace much equipment.
I volunteer and help him. It is not enough money. All of his machines are old, some are 10+ years old. He prays they last because all he can do is repair what breaks.
If there is an availability of time, carefully designed whiteboxes could get costs low, like $250.
-
@mike-davis said in domain controller in the cloud for small office?:
I found this chart of features:
https://azure.microsoft.com/en-us/pricing/details/active-directory/
It looks like:
MDM auto-enrollment, Self-Service Bitlocker recovery, Additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming is available in the Premium P1 and up. $6/user/month
At that price the $26/month domain controller running on Vultr looks like a pretty good deal. Combine it with ZeroTier and I should be all set.
The question is - do you need those other functions? In my case I didn't/don't. The included Azure AD as a function of O365 is enough for my needs. So, if you have an O365 Business Essentials or any of the E plans, you should be able to just join a Win10 machine to Azure AD using the user's O365 creds and go.
-
@mike-davis said in domain controller in the cloud for small office?:
I found this chart of features:
https://azure.microsoft.com/en-us/pricing/details/active-directory/
It looks like:
MDM auto-enrollment, Self-Service Bitlocker recovery, Additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming is available in the Premium P1 and up. $6/user/month
At that price the $26/month domain controller running on Vultr looks like a pretty good deal. Combine it with ZeroTier and I should be all set.
Yeah, but what YOU need is free. So what does the $6/u/m have to do with your pricing decision?
-
We have an incredibly basic AD domain setup, are there any benefits of staying on local AD vs moving to Azure? We already have O365, so it sounds like the free tier is already available to us.
I've been thinking of switching for a while simply to try and eliminate password sharing, I feel like if their desktop login is the same as their email password they'd be more inclined to keep it private.
-
@scottalanmiller said in domain controller in the cloud for small office?:
Yeah, but what YOU need is free. So what does the $6/u/m have to do with your pricing decision?
Well I don't work for free. So if I have to visit every desktop, I have to bill for that. With only 8 machines I have to weigh that cost vs spinning up a Windows Server and joining all the computers. I'll have to visit every desktop at least once to get them to leave the domain of the company they are splitting from.
-
@bnrstnr said in domain controller in the cloud for small office?:
We have an incredibly basic AD domain setup, are there any benefits of staying on local AD vs moving to Azure? We already have O365, so it sounds like the free tier is already available to us.
I've been thinking of switching for a while simply to try and eliminate password sharing, I feel like if their desktop login is the same as their email password they'd be more inclined to keep it private.
How simple is simple? If you are deploying settings via GP, you should look into your options with Azure before making the switch.
Also, Azure AD doesn't (as far as I know) support Windows Server OSs... so if you have local file shares, you wouldn't have an authentication solution there (unless the AD Sync solution works - no clue on my part).
Lastly, Azure AD only supports Windows 10.
-
@mike-davis said in domain controller in the cloud for small office?:
@scottalanmiller said in domain controller in the cloud for small office?:
Yeah, but what YOU need is free. So what does the $6/u/m have to do with your pricing decision?
Well I don't work for free. So if I have to visit every desktop, I have to bill for that. With only 8 machines I have to weigh that cost vs spinning up a Windows Server and joining all the computers. I'll have to visit every desktop at least once to get them to leave the domain of the company they are splitting from.
Hopefully you have remote access for that - but that's really beside the point.
So you're already visiting them to make them leave their current domain (good luck with profiles), then you'll either have to join them to another domain, or Azure AD or leave them in workgroup mode. So there is little if any additional work here anyhow.