    Large network of Windows machines without AD - GO!

    IT Discussion
    68 Posts 10 Posters 3.1k Views
    • scottalanmillerS
      scottalanmiller @Dashrender
      last edited by

      @Dashrender said in Large network of Windows machines without AD - GO!:

      @scottalanmiller said in Large network of Windows machines without AD - GO!:

      @Obsolesce said in Large network of Windows machines without AD - GO!:

      @IRJ said in Large network of Windows machines without AD - GO!:

      @Obsolesce said in Large network of Windows machines without AD - GO!:

      At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, I don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.

      Yes you can sync your on prem LDAP to Okta, but that's still not changing the environment; you are still basically using AD.

      I was under the impression no on-prem stuff like that.

      AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.

      To me this basically breaks down to LAN-centric or LANless...

      Right, which can both be on or off prem.

      DashrenderD ObsolesceO 2 Replies Last reply Reply Quote 0
      • DashrenderD
        Dashrender @scottalanmiller
        last edited by

        @scottalanmiller said in Large network of Windows machines without AD - GO!:

        @Dashrender said in Large network of Windows machines without AD - GO!:

        @scottalanmiller said in Large network of Windows machines without AD - GO!:

        @Obsolesce said in Large network of Windows machines without AD - GO!:

        @IRJ said in Large network of Windows machines without AD - GO!:

        @Obsolesce said in Large network of Windows machines without AD - GO!:

        At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, I don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.

        Yes you can sync your on prem LDAP to Okta, but that's still not changing the environment; you are still basically using AD.

        I was under the impression no on-prem stuff like that.

        AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.

        To me this basically breaks down to LAN-centric or LANless...

        Right, which can both be on or off prem.

        The idea of AD off prem is - weird... so I don't really consider AD an off-prem solution

        Yeah, I know you can do things like DirectAccess, or set up VPNs to the AD stuff, etc.
        Talk about fragile!

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said in Large network of Windows machines without AD - GO!:

          The idea of AD off prem is - weird... so I don't really consider AD an off-prem solution

          Not weird at all. Do it all the time. Did it today. AD is designed to work just fine off prem.

          DashrenderD 1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender @scottalanmiller
            last edited by

            @scottalanmiller said in Large network of Windows machines without AD - GO!:

            @Dashrender said in Large network of Windows machines without AD - GO!:

            The idea of AD off prem is - weird... so I don't really consider AD an off-prem solution

            Not weird at all. Do it all the time. Did it today. AD is designed to work just fine off prem.

            I mean I get it - I do it daily as well. My AD servers are at my main location, and we have two remote sites with P2P VPNs and all authentication comes back to the main location, etc.

            But this solution just sucks when it comes to really mobile users. VPNs that users have to manage just suck!

            IF you can get ZT to work, I suppose that would be awesome, but ZT and AD don't play well together.

            ObsolesceO scottalanmillerS 2 Replies Last reply Reply Quote 0
            • ObsolesceO
              Obsolesce @scottalanmiller
              last edited by

              @scottalanmiller said in Large network of Windows machines without AD - GO!:

              @Dashrender said in Large network of Windows machines without AD - GO!:

              @scottalanmiller said in Large network of Windows machines without AD - GO!:

              @Obsolesce said in Large network of Windows machines without AD - GO!:

              @IRJ said in Large network of Windows machines without AD - GO!:

              @Obsolesce said in Large network of Windows machines without AD - GO!:

              At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, I don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.

              Yes you can sync your on prem LDAP to Okta, but that's still not changing the environment; you are still basically using AD.

              I was under the impression no on-prem stuff like that.

              AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.

              To me this basically breaks down to LAN-centric or LANless...

              Right, which can both be on or off prem.

              Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.

              Just looking at that and the 200 Windows devices... no other considerations....

              Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.

              DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
              • ObsolesceO
                Obsolesce @Dashrender
                last edited by Obsolesce

                @Dashrender said in Large network of Windows machines without AD - GO!:

                @scottalanmiller said in Large network of Windows machines without AD - GO!:

                @Dashrender said in Large network of Windows machines without AD - GO!:

                The idea of AD off prem is - weird... so I don't really consider AD an off-prem solution

                Not weird at all. Do it all the time. Did it today. AD is designed to work just fine off prem.

                I mean I get it - I do it daily as well. My AD servers are at my main location, and we have two remote sites with P2P VPNs and all authentication comes back to the main location, etc.

                But this solution just sucks when it comes to really mobile users. VPNs that users have to manage just suck!

                IF you can get ZT to work, I suppose that would be awesome, but ZT and AD don't play well together.

                AD and on/off-prem isn't the point. AD is LAN-based, whether on or off-prem. That doesn't matter.

                AAD != AD, so different fruit; different tech all the way through.

                1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @Obsolesce
                  last edited by

                  @Obsolesce said in Large network of Windows machines without AD - GO!:

                  @scottalanmiller said in Large network of Windows machines without AD - GO!:

                  @Dashrender said in Large network of Windows machines without AD - GO!:

                  @scottalanmiller said in Large network of Windows machines without AD - GO!:

                  @Obsolesce said in Large network of Windows machines without AD - GO!:

                  @IRJ said in Large network of Windows machines without AD - GO!:

                  @Obsolesce said in Large network of Windows machines without AD - GO!:

                  At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, I don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.

                  Yes you can sync your on prem LDAP to Okta, but that's still not changing the environment; you are still basically using AD.

                  I was under the impression no on-prem stuff like that.

                  AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.

                  To me this basically breaks down to LAN-centric or LANless...

                  Right, which can both be on or off prem.

                  Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.

                  Just looking at that and the 200 Windows devices... no other considerations....

                  Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.

                  Because local apps require Windows.

                  ObsolesceO 1 Reply Last reply Reply Quote 0
                  • ObsolesceO
                    Obsolesce @Dashrender
                    last edited by

                    @Dashrender said in Large network of Windows machines without AD - GO!:

                    @Obsolesce said in Large network of Windows machines without AD - GO!:

                    @scottalanmiller said in Large network of Windows machines without AD - GO!:

                    @Dashrender said in Large network of Windows machines without AD - GO!:

                    @scottalanmiller said in Large network of Windows machines without AD - GO!:

                    @Obsolesce said in Large network of Windows machines without AD - GO!:

                    @IRJ said in Large network of Windows machines without AD - GO!:

                    @Obsolesce said in Large network of Windows machines without AD - GO!:

                    At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, I don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.

                    Yes you can sync your on prem LDAP to Okta, but that's still not changing the environment; you are still basically using AD.

                    I was under the impression no on-prem stuff like that.

                    AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.

                    To me this basically breaks down to LAN-centric or LANless...

                    Right, which can both be on or off prem.

                    Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.

                    Just looking at that and the 200 Windows devices... no other considerations....

                    Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.

                    Because local apps require Windows.

                    I see. Well you could dish it out to an MSP for super cheap and quit your job!

                    DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @Dashrender
                      last edited by

                      @Dashrender said in Large network of Windows machines without AD - GO!:

                      But this solution just sucks when it comes to really mobile users. VPNs that users have to manage just suck!

                      Sure, but there weren't mobile users in your initial example. Nor were any mobile users that might have been overlooked addressed with the existing AD solution.

                      I agree that AD and VPN suck for mobile users. But the question was about replacing AD, not about addressing something we didn't know about.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Obsolesce
                        last edited by

                        @Obsolesce said in Large network of Windows machines without AD - GO!:

                        Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.

                        Good thing to look at, but I assume a requirement from somewhere.

                        1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender @Obsolesce
                          last edited by

                          @Obsolesce said in Large network of Windows machines without AD - GO!:

                          @Dashrender said in Large network of Windows machines without AD - GO!:

                          @Obsolesce said in Large network of Windows machines without AD - GO!:

                          @scottalanmiller said in Large network of Windows machines without AD - GO!:

                          @Dashrender said in Large network of Windows machines without AD - GO!:

                          @scottalanmiller said in Large network of Windows machines without AD - GO!:

                          @Obsolesce said in Large network of Windows machines without AD - GO!:

                          @IRJ said in Large network of Windows machines without AD - GO!:

                          @Obsolesce said in Large network of Windows machines without AD - GO!:

                          At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, I don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.

                          Yes you can sync your on prem LDAP to Okta, but that's still not changing the environment; you are still basically using AD.

                          I was under the impression no on-prem stuff like that.

                          AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.

                          To me this basically breaks down to LAN-centric or LANless...

                          Right, which can both be on or off prem.

                          Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.

                          Just looking at that and the 200 Windows devices... no other considerations....

                          Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.

                          Because local apps require Windows.

                          I see. Well you could dish it out to an MSP for super cheap and quit your job!

                          LOL - it's not my network - someone else asked me - and I figured it was better to have a discussion here.

                          ObsolesceO 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @Obsolesce
                            last edited by

                            @Obsolesce said in Large network of Windows machines without AD - GO!:

                            @Dashrender said in Large network of Windows machines without AD - GO!:

                            @Obsolesce said in Large network of Windows machines without AD - GO!:

                            @scottalanmiller said in Large network of Windows machines without AD - GO!:

                            @Dashrender said in Large network of Windows machines without AD - GO!:

                            @scottalanmiller said in Large network of Windows machines without AD - GO!:

                            @Obsolesce said in Large network of Windows machines without AD - GO!:

                            @IRJ said in Large network of Windows machines without AD - GO!:

                            @Obsolesce said in Large network of Windows machines without AD - GO!:

                            At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, I don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.

                            Yes you can sync your on prem LDAP to Okta, but that's still not changing the environment; you are still basically using AD.

                            I was under the impression no on-prem stuff like that.

                            AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.

                            To me this basically breaks down to LAN-centric or LANless...

                            Right, which can both be on or off prem.

                            Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.

                            Just looking at that and the 200 Windows devices... no other considerations....

                            Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.

                            Because local apps require Windows.

                            I see. Well you could dish it out to an MSP for super cheap and quit your job!

                            The MSP model is so strong that quite often internal IT can do that... bring so much cost savings to the table that you can stop working (but still get paid) and have an MSP do it all for you and the company makes out. This is actually quite common. It's so easy to do, in fact, that the title "IT Manager" often refers to someone doing this, and they often use a VAR accidentally instead of an MSP and it still works out well enough that people don't catch on.

                            1 Reply Last reply Reply Quote 0
                            • ObsolesceO
                              Obsolesce @Dashrender
                              last edited by

                              @Dashrender said in Large network of Windows machines without AD - GO!:

                              @Obsolesce said in Large network of Windows machines without AD - GO!:

                              @Dashrender said in Large network of Windows machines without AD - GO!:

                              @Obsolesce said in Large network of Windows machines without AD - GO!:

                              @scottalanmiller said in Large network of Windows machines without AD - GO!:

                              @Dashrender said in Large network of Windows machines without AD - GO!:

                              @scottalanmiller said in Large network of Windows machines without AD - GO!:

                              @Obsolesce said in Large network of Windows machines without AD - GO!:

                              @IRJ said in Large network of Windows machines without AD - GO!:

                              @Obsolesce said in Large network of Windows machines without AD - GO!:

                              At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, I don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.

                              Yes you can sync your on prem LDAP to Okta, but that's still not changing the environment; you are still basically using AD.

                              I was under the impression no on-prem stuff like that.

                              AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.

                              To me this basically breaks down to LAN-centric or LANless...

                              Right, which can both be on or off prem.

                              Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.

                              Just looking at that and the 200 Windows devices... no other considerations....

                              Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.

                              Because local apps require Windows.

                              I see. Well you could dish it out to an MSP for super cheap and quit your job!

                              LOL - it's not my network - someone else asked me - and I figured it was better to have a discussion here.

                              Ah, I see. There are so many options, and there's no single-size-fits-all option either. So it, as always, depends on the full picture, all things considered IMHO.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • ObsolesceO
                                Obsolesce @Dashrender
                                last edited by

                                @Dashrender said in Large network of Windows machines without AD - GO!:

                                So Scott is always talking about ditching AD - so I'm asking - how would you ditch AD from a 200+ workstation/laptop environment where the users must remain using Windows on their local devices due to application requirements (let's not bring VDI/RDS into this at this time - that could be another thread).

                                How do you manage and get knowledge that systems are updated?
                                What user accounts are on the machine - and how do they get there?
                                Do you have a single admin level account pre-setup on every machine?
                                What about situations where users roam from computer to computer?
                                What about mapping network resources like printers and fileshares?

                                How many active users?

                                DashrenderD 1 Reply Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @Obsolesce
                                  last edited by

                                  @Obsolesce said in Large network of Windows machines without AD - GO!:

                                  @Dashrender said in Large network of Windows machines without AD - GO!:

                                  So Scott is always talking about ditching AD - so I'm asking - how would you ditch AD from a 200+ workstation/laptop environment where the users must remain using Windows on their local devices due to application requirements (let's not bring VDI/RDS into this at this time - that could be another thread).

                                  How do you manage and get knowledge that systems are updated?
                                  What user accounts are on the machine - and how do they get there?
                                  Do you have a single admin level account pre-setup on every machine?
                                  What about situations where users roam from computer to computer?
                                  What about mapping network resources like printers and fileshares?

                                  How many active users?

                                  I'll start a new thread for my exact environment.

                                  1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch @marcinozga
                                    last edited by

                                    @marcinozga said in Large network of Windows machines without AD - GO!:

                                    Ever tried equivalent of journalctl -f in Powershell?

                                    I've never needed it on Linux, why would I need it on Windows?

                                    This type of fringe logic is stupid.

                                    1 Reply Last reply Reply Quote 0
                                    • JaredBuschJ
                                      JaredBusch @marcinozga
                                      last edited by JaredBusch

                                      @marcinozga said in Large network of Windows machines without AD - GO!:

                                      This is a completely bullshit argument. Setting up Samba as a DC takes 5-10 mins, installing Ansible literally takes seconds, setting up Windows machines for Ansible management is a single PowerShell script. Neither is time consuming or complex; it's even easier than setting up a native Windows DC.

                                      Compare the same things. Just enabling the DC roles is a matter of minutes too. Windows Server is not any more or less complicated.

                                      @marcinozga said in Large network of Windows machines without AD - GO!:

                                      And if your IT staff can't handle basic stuff, it's time to replace them with competent ones, or outsource it.

                                      There is no such thing as basic when it comes to Network Design/Engineering tasks. You have no clue what you are talking about.

                                      1 Reply Last reply Reply Quote 0
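The "single PowerShell script" step quoted above and the OP's questions about update status and local accounts can be combined in one playbook. The following is an added example, not code from this thread or from the Ansible project: it assumes Ansible's ConfigureRemotingForAnsible.ps1 has already been run on each machine, that the ansible.windows and community.windows collections are installed on the controller, and that the host names, management subnet and account name are placeholders.

```yaml
# Added example (not from the thread). Constructed inventory for reference:
#
#   windows_workstations:
#     hosts:
#       ws-001.example.internal:
#       ws-002.example.internal:
#     vars:
#       ansible_connection: winrm
#       ansible_port: 5986
#       ansible_winrm_transport: ntlm      # local account: no Kerberos, no AD
#       ansible_user: mgmt-admin
#       ansible_password: "{{ vault_mgmt_admin_password }}"
#       ansible_winrm_server_cert_validation: validate   # never "ignore" in production
- name: Manage standalone (non-domain) Windows workstations
  hosts: windows_workstations
  gather_facts: true
  vars:
    mgmt_admin: mgmt-admin             # placeholder management account
    mgmt_subnet: 10.0.99.0/24          # placeholder: where the controller runs from
    install_updates: false             # pass -e install_updates=true to actually patch
  tasks:
    - name: Ensure the management account exists (password comes from Ansible Vault)
      ansible.windows.win_user:
        name: "{{ mgmt_admin }}"
        password: "{{ vault_mgmt_admin_password }}"
        update_password: on_create     # rotate deliberately, not on every run
        password_never_expires: true
        state: present
      no_log: true                     # keep the password out of the job log

    - name: Make local Administrators exactly the built-in account plus the management account
      ansible.windows.win_group_membership:
        name: Administrators
        members:
          - Administrator
          - "{{ mgmt_admin }}"
        state: pure                    # strips any other local admin that crept in

    - name: Only accept WinRM over HTTPS from the management subnet
      community.windows.win_firewall_rule:
        name: WinRM HTTPS (management only)
        direction: in
        action: allow
        protocol: tcp
        localport: 5986
        remoteip: "{{ mgmt_subnet }}"
        profiles: [domain, private, public]
        enabled: true
        state: present

    - name: Look for missing security and critical updates (audit only, nothing installed)
      ansible.windows.win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
        state: searched
      register: pending

    - name: Report how far behind each machine is
      ansible.builtin.debug:
        msg: "{{ inventory_hostname }}: {{ pending.found_update_count }} updates pending"

    - name: Install the updates and reboot if Windows asks for it
      ansible.windows.win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
        state: installed
        reboot: true
        reboot_timeout: 1200
      when: install_updates | bool
```

Per-user drive mappings and printers are deliberately not in this playbook: over WinRM Ansible runs as the management account, so those need a logon-time mechanism or a file server that accepts per-user credentials, which is exactly the part of the OP's list that AD normally handles.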
                                      • JaredBuschJ
                                        JaredBusch @marcinozga
                                        last edited by

                                        @marcinozga said in Large network of Windows machines without AD - GO!:

                                        Again, nonsense. It does take some work to create Ansible playbooks or roles, but so does setting up things in AAD or Intune.

                                        Except you just argued that exact thing in the opening of your post: that it only takes 5-10 minutes.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @Obsolesce
                                          last edited by

                                          @Obsolesce said in Large network of Windows machines without AD - GO!:

                                          @Dashrender said in Large network of Windows machines without AD - GO!:

                                          @Obsolesce said in Large network of Windows machines without AD - GO!:

                                          @Dashrender said in Large network of Windows machines without AD - GO!:

                                          @Obsolesce said in Large network of Windows machines without AD - GO!:

                                          @scottalanmiller said in Large network of Windows machines without AD - GO!:

                                          @Dashrender said in Large network of Windows machines without AD - GO!:

                                          @scottalanmiller said in Large network of Windows machines without AD - GO!:

                                          @Obsolesce said in Large network of Windows machines without AD - GO!:

                                          @IRJ said in Large network of Windows machines without AD - GO!:

                                          @Obsolesce said in Large network of Windows machines without AD - GO!:

                                          At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, I don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.

                                          Yes you can sync your on prem LDAP to Okta, but that's still not changing the environment; you are still basically using AD.

                                          I was under the impression no on-prem stuff like that.

                                          AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.

                                          To me this basically breaks down to LAN-centric or LANless...

                                          Right, which can both be on or off prem.

                                          Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.

                                          Just looking at that and the 200 Windows devices... no other considerations....

                                          Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.

                                          Because local apps require Windows.

                                          I see. Well you could dish it out to an MSP for super cheap and quit your job!

                                          LOL - it's not my network - someone else asked me - and I figured it was better to have a discussion here.

                                          Ah, I see. There are so many options, and there's no single-size-fits-all option either. So it, as always, depends on the full picture, all things considered IMHO.

                                          That's true of essentially everything in IT. Every good product has a valid use somewhere.

                                          1 Reply Last reply Reply Quote 0
                                          • notverypunnyN
                                            notverypunny @scottalanmiller
                                            last edited by

                                            @scottalanmiller said in Large network of Windows machines without AD - GO!:

                                            @notverypunny said in Large network of Windows machines without AD - GO!:

                                            Would something like Zentyal be appropriate?

                                            Just a package of Samba 4 which is just a third party AD. So this is just another way of saying to use Samba, which is another way of saying "keep AD." 🙂

                                            If the question is "how can I more affordably do AD", then Zentyal is a great AD distro. But if the question is "how do I ditch AD", Zentyal isn't ditching it at all.

                                            Fair enough, I read "without AD" and my mind went to "without M$"

                                            1 Reply Last reply Reply Quote 0