
    Is not bringing PCs in Domain is a sin?

    • DashrenderD
      Dashrender
      last edited by

      I know I tend to agree with Dustin, though others don't.

      What issues are you having?

      Perhaps instead of using Server 2012 as a file server - you should convert it to a NextCloud server and move to a LANless setup.

      What other functions besides File services is the server providing? Obviously, for the file server portion it's providing authentication, but your home user PCs are not getting PC based authentication from the server - one can ask, how important is that?

      Also, to save significantly on licensing, you could ditch the Windows Server and install a Fedora Server with an SMB share. To the Windows machines it would look identical. Heck you could set up AD using all Fedora on the server side removing all server side licensing and still having AD - you can even use the Windows AD tools in most cases. (FYI - DHCP/DNS are not AD tools, so you'd have to use the Linux tools for that assuming you ran those from the Fedora box)

      DustinB3403D 1 Reply Last reply Reply Quote 2
      • DustinB3403D
        DustinB3403 @Dashrender
        last edited by DustinB3403

        @Dashrender said in Is not bringing PCs in Domain is a sin?:

        Also, to save significantly on licensing, you could ditch the Windows Server and install a Fedora Server with an SMB share. To the Windows machines it would look identical. Heck you could set up AD using all Fedora on the server side removing all server side licensing and still having AD - you can even use the Windows AD tools in most cases. (FYI - DHCP/DNS are not AD tools, so you'd have to use the Linux tools for that assuming you ran those from the Fedora box)

        He could also set up a domain controller (it's not AD) on Fedora at no cost and centralize the user administration. Won't help with GPO, but could limit some of the issues I imagine he's having with 75 workstation systems.

        DashrenderD coliverC scottalanmillerS 3 Replies Last reply Reply Quote 0
        • DashrenderD
          Dashrender @DustinB3403
          last edited by Dashrender

          @DustinB3403 said in Is not bringing PCs in Domain is a sin?:

          @Dashrender said in Is not bringing PCs in Domain is a sin?:

          Also, to save significantly on licensing, you could ditch the Windows Server and install a Fedora Server with an SMB share. To the Windows machines it would look identical. Heck you could set up AD using all Fedora on the server side removing all server side licensing and still having AD - you can even use the Windows AD tools in most cases. (FYI - DHCP/DNS are not AD tools, so you'd have to use the Linux tools for that assuming you ran those from the Fedora box)

          He could also set up a domain controller (it's not AD) on Fedora at no cost and centralize the user administration. Won't help with GPO, but could limit some of the issues I imagine he's having with 75 workstation systems.

          It simulates AD's functions - and as I understand it - it does provide GPO, because GPOs are just a folder structure that Windows Pro/Enterprise machines pull off DCs and apply locally. So as long as Fedora's implementation of a domain controller creates the needed folders in SMB file shares, then the workstations should pull that data just fine.

          DustinB3403D scottalanmillerS 2 Replies Last reply Reply Quote 2
          • coliverC
            coliver @DustinB3403
            last edited by

            @DustinB3403 said in Is not bringing PCs in Domain is a sin?:

            @Dashrender said in Is not bringing PCs in Domain is a sin?:

            Also, to save significantly on licensing, you could ditch the Windows Server and install a Fedora Server with an SMB share. To the Windows machines it would look identical. Heck you could set up AD using all Fedora on the server side removing all server side licensing and still having AD - you can even use the Windows AD tools in most cases. (FYI - DHCP/DNS are not AD tools, so you'd have to use the Linux tools for that assuming you ran those from the Fedora box)

            He could also set up a domain controller (it's not AD) on Fedora at no cost and centralize the user administration. Won't help with GPO, but could limit some of the issues I imagine he's having with 75 workstation systems.

            Samba 4 does provide GPO.

            dbeatoD 1 Reply Last reply Reply Quote 1
            • DustinB3403D
              DustinB3403 @Dashrender
              last edited by

              @Dashrender said in Is not bringing PCs in Domain is a sin?:

              it does provide GPO

              Never knew that, but that's awesome.

              1 Reply Last reply Reply Quote 0
              • dbeatoD
                dbeato @coliver
                last edited by

                @coliver Yup, and it is all based on registry settings so it shouldn't be dependent on Microsoft only.

                DashrenderD JaredBuschJ 2 Replies Last reply Reply Quote 1
                • DashrenderD
                  Dashrender @dbeato
                  last edited by Dashrender

                  @dbeato said in Is not bringing PCs in Domain is a sin?:

                  @coliver Yup, and it is all based on registry settings so it shouldn't be dependent on Microsoft only.

                  huh? Does anything other than MS Products use registry settings? or is compatible with MS registry settings?

                  As I understand GPOs, they are files stored in SMB file shares (very specific ones) that are accessed by the workstations at a given interval, and then applied to the workstations. As far as I know, it's a pull only system.

                  All that said - the GPO being hosted from a 'nix based domain controller instead of Windows is pretty cool!

                  coliverC scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @dbeato
                    last edited by

                    @dbeato said in Is not bringing PCs in Domain is a sin?:

                    @coliver Yup, and it is all based on registry settings so it shouldn't be dependent on Microsoft only.

                    Umm... Microsoft is the only system with a "registry"

                    Other operating systems have other means of doing things.

                    F 1 Reply Last reply Reply Quote 0
                    • F
                      flaxking @JaredBusch
                      last edited by

                      @JaredBusch said in Is not bringing PCs in Domain is a sin?:

                      @dbeato said in Is not bringing PCs in Domain is a sin?:

                      @coliver Yup, and it is all based on registry settings so it shouldn't be dependent on Microsoft only.

                      Umm... Microsoft is the only system with a "registry"

                      Other operating systems have other means of doing things.

                      I think @dbeato means that GPOs mostly just configure registry settings, so Group Policy is not required for managing Windows systems.

                      DashrenderD 1 Reply Last reply Reply Quote 1
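
Added example, not part of any post above and not code from Samba or Microsoft: a sketch of the two points made in this thread, that a GPO is a set of files the client pulls from the SYSVOL SMB share, and that those files mostly carry registry settings. It reads the two files a GPO folder typically holds, `GPT.INI` (the version counter clients compare before re-applying) and `Registry.pol` (the registry values). The key and value names and both sample inputs are constructed for illustration.

```python
import configparser

PREG_HEADER = b"PReg" + (1).to_bytes(4, "little")  # signature + format version 1
REG_SZ, REG_DWORD = 1, 4

def _w(text):
    return text.encode("utf-16-le")

def _expect(blob, pos, ch):
    if blob[pos:pos + 2] != _w(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _wstr(blob, pos):  # read one NUL-terminated UTF-16LE string
    end = pos
    while blob[end:end + 2] != b"\0\0":
        if end + 2 > len(blob):
            raise ValueError("unterminated string")
        end += 2
    return blob[pos:end].decode("utf-16-le"), end + 2

def parse_registry_pol(blob):
    """Return [(key, value_name, reg_type, data)] from Registry.pol bytes."""
    if blob[:8] != PREG_HEADER:
        raise ValueError("not a PReg version 1 file")
    pos, settings = 8, []
    while pos < len(blob):  # each record is [key;value;type;size;data]
        key, pos = _wstr(blob, _expect(blob, pos, "["))
        name, pos = _wstr(blob, _expect(blob, pos, ";"))
        pos = _expect(blob, pos, ";")
        reg_type = int.from_bytes(blob[pos:pos + 4], "little")
        pos = _expect(blob, pos + 4, ";")
        size = int.from_bytes(blob[pos:pos + 4], "little")
        pos = _expect(blob, pos + 4, ";")
        raw = blob[pos:pos + size]
        pos = _expect(blob, pos + size, "]")  # a truncated record fails here
        data = raw
        if reg_type == REG_DWORD and size == 4:
            data = int.from_bytes(raw, "little")
        elif reg_type == REG_SZ:
            data = raw.decode("utf-16-le").rstrip("\0")
        settings.append((key, name, reg_type, data))
    return settings

def gpt_ini_versions(text):  # Version = (user version << 16) | machine version
    ini = configparser.ConfigParser()
    ini.read_string(text)
    version = ini.getint("General", "Version")
    return {"user": version >> 16, "machine": version & 0xFFFF}

SAMPLE_GPT_INI = "[General]\nVersion=131075\n"  # constructed sample; 0x00020003
SAMPLE_POL = PREG_HEADER + b"".join(  # constructed sample with two settings
    _w(f"[{key}\0;{name}\0;") + kind.to_bytes(4, "little") + _w(";")
    + len(raw).to_bytes(4, "little") + _w(";") + raw + _w("]")
    for key, name, kind, raw in [
        (r"Software\Policies\Example", "LockTimeout", REG_DWORD, (600).to_bytes(4, "little")),
        (r"Software\Policies\Example", "Banner", REG_SZ, _w("Authorized use only\0"))])

if __name__ == "__main__":
    print(gpt_ini_versions(SAMPLE_GPT_INI), parse_registry_pol(SAMPLE_POL))
```

Because the settings are plain files, write access to the SYSVOL share amounts to control over every client that applies the GPO. On a Samba DC, `samba-tool ntacl sysvolcheck` verifies those ACLs.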
                      • coliverC
                        coliver @Dashrender
                        last edited by

                        @Dashrender said in Is not bringing PCs in Domain is a sin?:

                        @dbeato said in Is not bringing PCs in Domain is a sin?:

                        @coliver Yup, and it is all based on registry settings so it shouldn't be dependent on Microsoft only.

                        huh? Does anything other than MS Products use registry settings? or is compatible with MS registry settings?

                        As I understand GPOs, they are files stored in SMB file shares (very specific ones) that are accessed by the workstations at a given interval, and then applied to the workstations. As far as I know, it's a pull only system.

                        All that said - the GPO being hosted from a 'nix based domain controller instead of Windows is pretty cool!

                        Pretty much this. GPOs are just XML files that tell the client machine how to configure itself. It's stored in a file structure.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @openit
                          last edited by

                          @openit said in Is not bringing PCs in Domain is a sin?:

                          or not using Domain is sin

                          We don't use domains most of the time. You need a qualifying reason to consider a domain. There are lots of qualifying reasons. But it should be anything but an automatic assumption. And every day it gets less common and/or appropriate.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @DustinB3403
                            last edited by

                            @DustinB3403 said in Is not bringing PCs in Domain is a sin?:

                            Generally speaking, if you're in a Windows world, and have more than 10 or so computers you would want to set up a domain to centralize your administration of the computers.

                            I put the number at 12, not 10. It was 10 officially from MS marketing in the late 1990s in the pre-AD days. But factors have changed and 10 is definitely on the low side.

                            I'd not state it as "above X you want it", it's more "under X you don't want to consider it". If you are above X, it's just worth evaluating.

                            1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller @DustinB3403
                              last edited by

                              @DustinB3403 said in Is not bringing PCs in Domain is a sin?:

                              Managing more than 10 or so individually is vastly more time consuming than using GPO from a DC to manage the workstations.

                              Individually is hard, yes. But GPO isn't the only alternative, not even the only MS alternative. AD + GPO is just one of many "group management" options for Windows desktops. A common one, even a good one, but just one of many.

                              DashrenderD 1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @scottalanmiller
                                last edited by

                                @scottalanmiller said in Is not bringing PCs in Domain is a sin?:

                                @DustinB3403 said in Is not bringing PCs in Domain is a sin?:

                                Managing more than 10 or so individually is vastly more time consuming than using GPO from a DC to manage the workstations.

                                Individually is hard, yes. But GPO isn't the only alternative, not even the only MS alternative. AD + GPO is just one of many "group management" options for Windows desktops. A common one, even a good one, but just one of many.

                                Considering this is a post asking if having AD or not - I'm surprised you didn't list any alternatives...

                                1 Reply Last reply Reply Quote 2
                                • scottalanmillerS
                                  scottalanmiller @openit
                                  last edited by

                                  @openit said in Is not bringing PCs in Domain is a sin?:

                                  We have Windows Server 2012, AD installed and using for File Server, now slowly we have some 75 computers, and very few home editions.

                                  At 75 machines, assuming all Windows, AD is a pretty obvious choice. Not the only, but if that's all on one LAN it's a pretty good way to go in nearly all cases.

                                  AD itself doesn't provide file sharing, though. You can do that in a number of ways. People often associate SMB file sharing with AD because of the simple integration, but they are unrelated services.

                                  1 Reply Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender @flaxking
                                    last edited by

                                    @flaxking said in Is not bringing PCs in Domain is a sin?:

                                    @JaredBusch said in Is not bringing PCs in Domain is a sin?:

                                    @dbeato said in Is not bringing PCs in Domain is a sin?:

                                    @coliver Yup, and it is all based on registry settings so it shouldn't be dependent on Microsoft only.

                                    Umm... Microsoft is the only system with a "registry"

                                    Other operating systems have other means of doing things.

                                    I think @dbeato means that GPOs mostly just configure registry settings, so Group Policy is not required for managing Windows systems.

                                    Well, that's certainly true, GPO is not required for managing Windows systems, but it's a pretty good one, at least in my eye.

                                    Though for centrally managing Windows clients - I'd love to see what other people are using, and the associated costs?

                                    I know Intune can do it - but that's very spendy.
                                    Salt stack will get there some day
                                    Salt in general can probably do it - but requires a lot on the administrator's side to know how to create (are they called playbooks?) and the specifics of registry entries to create those playbooks.
                                    Local PowerShell with list of PCs and local admin username/passwords (assuming no centralized password setup)

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @DustinB3403
                                      last edited by

                                      @DustinB3403 said in Is not bringing PCs in Domain is a sin?:

                                      He could also set up a domain controller (it's not AD) on Fedora at no cost and centralize the user administration. Won't help with GPO, but could limit some of the issues I imagine he's having with 75 workstation systems.

                                      That's a great option. But it is very worth noting that it is AD, it's just not Microsoft AD. It's AD from Samba. But it's full AD. It does GPO as well, even though GPO isn't part of AD. The Samba solution implements GPO as well. It's actually all handled by SMB.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @Dashrender
                                        last edited by

                                        @Dashrender said in Is not bringing PCs in Domain is a sin?:

                                        @DustinB3403 said in Is not bringing PCs in Domain is a sin?:

                                        @Dashrender said in Is not bringing PCs in Domain is a sin?:

                                        Also, to save significantly on licensing, you could ditch the Windows Server and install a Fedora Server with an SMB share. To the Windows machines it would look identical. Heck you could set up AD using all Fedora on the server side removing all server side licensing and still having AD - you can even use the Windows AD tools in most cases. (FYI - DHCP/DNS are not AD tools, so you'd have to use the Linux tools for that assuming you ran those from the Fedora box)

                                        He could also set up a domain controller (it's not AD) on Fedora at no cost and centralize the user administration. Won't help with GPO, but could limit some of the issues I imagine he's having with 75 workstation systems.

                                        It simulates AD's functions - and as I understand it - it does provide GPO, because GPOs are just a folder structure that Windows Pro/Enterprise machines pull off DCs and apply locally. So as long as Fedora's implementation of a domain controller creates the needed folders in SMB file shares, then the workstations should pull that data just fine.

                                        That's correct. It's full AD, not a simulation. And GPO, being just an SMB share structure, it does that natively as well. It actually did GPO decades before it did AD.

                                        The AD portion doesn't need to do it, though. You can do it by hand.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @Dashrender
                                          last edited by

                                          @Dashrender said in Is not bringing PCs in Domain is a sin?:

                                          huh? Does anything other than MS Products use registry settings? or is compatible with MS registry settings?

                                          No, but it is MS workstations that we are talking about 🙂

                                          DashrenderD 1 Reply Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in Is not bringing PCs in Domain is a sin?:

                                            @Dashrender said in Is not bringing PCs in Domain is a sin?:

                                            huh? Does anything other than MS Products use registry settings? or is compatible with MS registry settings?

                                            No, but it is MS workstations that we are talking about 🙂

                                            Out of context it looks like I'm talking weird... I was pretty sure nothing else did/does... but Daniel's comment was weird and pulled my question.

                                            scottalanmillerS dbeatoD 2 Replies Last reply Reply Quote 0