domain controller in the cloud for small office?
-
@mike-davis said in domain controller in the cloud for small office?:
@dashrender said in domain controller in the cloud for small office?:
I read it to be - I have a Win10 machine joined to Azure AD - can I create a share on that Win10 machine and other Azure AD users can use their creds to access the share on my Windows 10 machine?
yes, exactly this. That way with Azure I can set a password change policy, and when they do change their password, they can still access the share on the Windows 10 machine.
That part would work, it's just that they'd need to use different creds always.
-
@scottalanmiller said in domain controller in the cloud for small office?:
I'm often a proponent of lowering school IT budgets, the overspend that they do is absurd - to the point that the extra money often causes more issues that it solves.
Have you ever heard or seen schools using Ubiquiti and PBX instead of Cisco to help with lowering the cost?
-
@black3dynamite said in domain controller in the cloud for small office?:
@scottalanmiller said in domain controller in the cloud for small office?:
I'm often a proponent of lowering school IT budgets, the overspend that they do is absurd - to the point that the extra money often causes more issues that it solves.
Have you ever heard or seen schools using Ubiquiti and PBX instead of Cisco to help with lowering the cost?
Have I, yes. Because I've worked in schools and done that. Very few do, though, and I consider it outright corruption. Funneling money to consultancies and big businesses using schools as ways to force tax payers to prop up big companies even when their products have no value to the schools.
-
@dashrender said in domain controller in the cloud for small office?:
@mike-davis said in domain controller in the cloud for small office?:
At this point I don't know if they have any Windows 7 clients, so it may be a moot point.
I do know that they have QuickBooks - I know - I know. So I have to share QuickBooks from one computer.
Has any one tested Azure AD to share a folder from one computer to another? Does it integrate all the accounts in AD, or only the one you set up on that particular Win 10 box?
Good question, let me try that. I'll be back in an hour or so.
Ug conference call, can't test this yet.
-
@dashrender said in domain controller in the cloud for small office?:
@mike-davis said in domain controller in the cloud for small office?:
At this point I don't know if they have any Windows 7 clients, so it may be a moot point.
I do know that they have QuickBooks - I know - I know. So I have to share QuickBooks from one computer.
Has any one tested Azure AD to share a folder from one computer to another? Does it integrate all the accounts in AD, or only the one you set up on that particular Win 10 box?
Good question, let me try that. I'll be back in an hour or so.
Sadly, I could find no way in about 10 mins of googling, etc to add AzureAD credentials to a share/file permisssions to make this work.
As Scott said earlier, you'll have to create local a local account, then use that cred to make the sharing work.
-
@dashrender said in domain controller in the cloud for small office?:
@dashrender said in domain controller in the cloud for small office?:
@mike-davis said in domain controller in the cloud for small office?:
At this point I don't know if they have any Windows 7 clients, so it may be a moot point.
I do know that they have QuickBooks - I know - I know. So I have to share QuickBooks from one computer.
Has any one tested Azure AD to share a folder from one computer to another? Does it integrate all the accounts in AD, or only the one you set up on that particular Win 10 box?
Good question, let me try that. I'll be back in an hour or so.
Sadly, I could find no way in about 10 mins of googling, etc to add AzureAD credentials to a share/file permisssions to make this work.
As Scott said earlier, you'll have to create local a local account, then use that cred to make the sharing work.
You can't, I already said that you can't. We spoke to MS about it a few weeks ago.
-
@dashrender said in domain controller in the cloud for small office?:
Sadly, I could find no way in about 10 mins of googling, etc to add AzureAD credentials to a share/file permisssions to make this work.
Thanks for giving it a rip.
-
@scottalanmiller said in domain controller in the cloud for small office?:
@dashrender said in domain controller in the cloud for small office?:
@dashrender said in domain controller in the cloud for small office?:
@mike-davis said in domain controller in the cloud for small office?:
At this point I don't know if they have any Windows 7 clients, so it may be a moot point.
I do know that they have QuickBooks - I know - I know. So I have to share QuickBooks from one computer.
Has any one tested Azure AD to share a folder from one computer to another? Does it integrate all the accounts in AD, or only the one you set up on that particular Win 10 box?
Good question, let me try that. I'll be back in an hour or so.
Sadly, I could find no way in about 10 mins of googling, etc to add AzureAD credentials to a share/file permisssions to make this work.
As Scott said earlier, you'll have to create local a local account, then use that cred to make the sharing work.
You can't, I already said that you can't. We spoke to MS about it a few weeks ago.
Yep you did, but you weren't verbose about it, thanks for the additional information.
-
It's pretty dumb, I think, that they make their own authentication work so badly. Just encourages competition.
-
I spent a lot of time going in a circle on this earlier in the year. Basically, Scott was right... Azure AD doesnt do what you want. I spent a lot of time showing Scott he was wrong, spinning up Azure Domain Services, but it ended up Scott was still right and it was just a managed cloud instance of AD. For small business starting at $90 didnt make sense.
-
There's a difference between Azure AD and running a DC on a VPS.
Azure AD doesn't use Kerberos or NTLM and is meant to work with web-based services such as O365 and salesforce using SSO.
WinServer AD isn't meant to work with online services, although there are ways and through federation.
They are different and it's important to know where they fit in.
-
@tim_g said in domain controller in the cloud for small office?:
There's a difference between Azure AD and running a DC on a VPS.
Azure AD doesn't use Kerberos or NTLM ...
For those wondering, it uses SAML.
-
@scottalanmiller said in domain controller in the cloud for small office?:
@tim_g said in domain controller in the cloud for small office?:
There's a difference between Azure AD and running a DC on a VPS.
Azure AD doesn't use Kerberos or NTLM ...
For those wondering, it uses SAML.
AND OAuth 2.0.
-
@tim_g said in domain controller in the cloud for small office?:
There's a difference between Azure AD and running a DC on a VPS.
Azure AD doesn't use Kerberos or NTLM and is meant to work with web-based services such as O365 and salesforce using SSO.
WinServer AD isn't meant to work with online services, although there are ways and through federation.
They are different and it's important to know where they fit in.
In the beginning Azure AD looked like a web service to replace ADAM (I think it was called) but it definitely evolved beyond that with Windows login support.
I remember feeling very clever when I discovered Azure Domain Services, I men's it works great with servers on Azure. When I discovered the base charge was $90/month I was pretty much done with Azure for small business ideas
-
@penguinwrangler said in domain controller in the cloud for small office?:
My friend who is a tech director for my kids school is having his budget slashed by a superintendent who doesn't think that much of technology. About 750 kids in the district (rural area) he has about 400-500 machines to manage. His budget is $20,000 for the year. So we are moving him to all open source. Moving from Novell eDirectory to a Samba 4 domain. Doing anything and everything to save him money.
Identity Management (FreeIPA) would be great if you want to expose the kids to Linux.
One of the easiest things I’ve ever set up.
-
@mike-davis do you have an hhs.gov or gpo.gov link to where it mentions the requirement for passwords to be changed?
How do you create a password change policy that gets enforced without a domain controller?
-
From what I have ever seen there is no mention of the requirement of invalidating passwords after any period of time. I have seen the following mention about passwords but this is all. Requiring users to change passwords is generally bad practice. Only change them when a security incident is suspected or known.
45 CFR Subtitle A §164.308 (D) Password management (Addressable). Procedures for creating, changing, and safeguarding passwords.
-
For 8 computers use a cloud based LDAP like JumpCloud. It's free for <10 users but as many computers as you have. You install the agent which can then push a standard user profiles to the machines. Passwords of the user are managed in JumpCloud for the devices. It also has a RADIUS service for quick deployment to APs.
-
@scottalanmiller said in domain controller in the cloud for small office?:
They are on here, on SW, were at SpiceWorld with a booth, too. Seems like a cool product.
who from JumpCloud is on here?
-
Chromebooks for HIPAA is an ideal solution. Ticks all the boxes for encryption and security and then you have Citrix/VMWare/AWS, Chrome Apps/Extensions, Android Apps for pretty much any thing you think you can't do on one but can.
@dashrender said in domain controller in the cloud for small office?:
Remember, LANLess is the desire now.. so no local servers unless absolutely required - use things like ODfB or Nextcloud.
