Large network of Windows machines without AD - GO!
-
@Dashrender said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@IRJ said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, i don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.
Yes you can sync your on prem LDAP to Okta, but thats still not changing the environement you are still basically using AD.
I was under the impression no on-prem stuff like that.
AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.
To me this basically breaks down to LAN-centric or LANless...
Right, which can both be on or off prem.
-
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@IRJ said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, i don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.
Yes you can sync your on prem LDAP to Okta, but thats still not changing the environement you are still basically using AD.
I was under the impression no on-prem stuff like that.
AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.
To me this basically breaks down to LAN-centric or LANless...
Right, which can both be on or off prem.
The idea of AD off prem is - weird... so I don't really consider AD an off-prem solution
yeah I know you can do things like Direct Access, or setup VPNs to the AD stuff, etc.
talk about fragile! -
@Dashrender said in Large network of Windows machines without AD - GO!:
The idea of AD off prem is - weird... so I don't really consider AD an off-prem solution
Not weird at all. Do it all the time. Did it today. AD is designed to work just fine off prem.
-
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
The idea of AD off prem is - weird... so I don't really consider AD an off-prem solution
Not weird at all. Do it all the time. Did it today. AD is designed to work just fine off prem.
I mean I get it - I do it daily as well. My AD servers are at my main location, and we have two remote sites with P2P VPNs and all authentication comes back to the main location, etc.
But this solution just sucks when it comes to really mobile users. VPNs that users have to manage just suck!
IF you can get ZT to work, I suppose that would be awesome, but ZT and AD don't play well together.
-
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@IRJ said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, i don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.
Yes you can sync your on prem LDAP to Okta, but thats still not changing the environement you are still basically using AD.
I was under the impression no on-prem stuff like that.
AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.
To me this basically breaks down to LAN-centric or LANless...
Right, which can both be on or off prem.
Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.
Just looking at that and the 200 Windows devices... no other considerations....
Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.
-
@Dashrender said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
The idea of AD off prem is - weird... so I don't really consider AD an off-prem solution
Not weird at all. Do it all the time. Did it today. AD is designed to work just fine off prem.
I mean I get it - I do it daily as well. My AD servers are at my main location, and we have two remote sites with P2P VPNs and all authentication comes back to the main location, etc.
But this solution just sucks when it comes to really mobile users. VPNs that users have to manage just suck!
IF you can get ZT to work, I suppose that would be awesome, but ZT and AD don't play well together.
AD and on/off-prem isn't the point. AD is lan-based, whether on or off-prem. That doens't matter.
AAD != AD, so different fruit; different tech all the way through.
-
@Obsolesce said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@IRJ said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, i don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.
Yes you can sync your on prem LDAP to Okta, but thats still not changing the environement you are still basically using AD.
I was under the impression no on-prem stuff like that.
AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.
To me this basically breaks down to LAN-centric or LANless...
Right, which can both be on or off prem.
Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.
Just looking at that and the 200 Windows devices... no other considerations....
Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.
because local apps require windows.
-
@Dashrender said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@IRJ said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, i don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.
Yes you can sync your on prem LDAP to Okta, but thats still not changing the environement you are still basically using AD.
I was under the impression no on-prem stuff like that.
AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.
To me this basically breaks down to LAN-centric or LANless...
Right, which can both be on or off prem.
Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.
Just looking at that and the 200 Windows devices... no other considerations....
Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.
because local apps require windows.
I see. Well you could dish it out to an MSP for super cheap and quit your job!
-
@Dashrender said in Large network of Windows machines without AD - GO!:
But this solution just sucks when it comes to really mobile users. VPNs that users have to manage just suck!
Sure, but there weren't mobile users in your initial example. Nor were any mobile users that might have been overlooked addressed with the existing AD solution.
I agree, that AD and VPN such for mobile users. But the question was about replacing AD, not about addressing something we didn't know about.
-
@Obsolesce said in Large network of Windows machines without AD - GO!:
Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.
Good thing to look at, but I assume a requirement from somewhere.
-
@Obsolesce said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@IRJ said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, i don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.
Yes you can sync your on prem LDAP to Okta, but thats still not changing the environement you are still basically using AD.
I was under the impression no on-prem stuff like that.
AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.
To me this basically breaks down to LAN-centric or LANless...
Right, which can both be on or off prem.
Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.
Just looking at that and the 200 Windows devices... no other considerations....
Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.
because local apps require windows.
I see. Well you could dish it out to an MSP for super cheap and quit your job!
LOL - it's not my network - someone else asked me - and I figured it was better to have a discussion here.
-
@Obsolesce said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@IRJ said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, i don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.
Yes you can sync your on prem LDAP to Okta, but thats still not changing the environement you are still basically using AD.
I was under the impression no on-prem stuff like that.
AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.
To me this basically breaks down to LAN-centric or LANless...
Right, which can both be on or off prem.
Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.
Just looking at that and the 200 Windows devices... no other considerations....
Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.
because local apps require windows.
I see. Well you could dish it out to an MSP for super cheap and quit your job!
The MSP model is so strong that quite often internal IT can do that... bring so much cost savings to the table that you can stop working (but still get paid) and have an MSP do it all for you and the company makes out. This is actually quite common. It's so easy to do, in fact, that the title "IT Manager" often refers to someone doing this, and they often use a VAR accidentally instead of an MSP and it still works out well enough that people don't catch on.
-
@Dashrender said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@IRJ said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, i don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.
Yes you can sync your on prem LDAP to Okta, but thats still not changing the environement you are still basically using AD.
I was under the impression no on-prem stuff like that.
AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.
To me this basically breaks down to LAN-centric or LANless...
Right, which can both be on or off prem.
Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.
Just looking at that and the 200 Windows devices... no other considerations....
Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.
because local apps require windows.
I see. Well you could dish it out to an MSP for super cheap and quit your job!
LOL - it's not my network - someone else asked me - and I figured it was better to have a discussion here.
Ah, i see. There's so many options, and there's no single-size-fits-all option either. So it, as always, depends on the full picture, all things considered IMHO.
-
@Dashrender said in Large network of Windows machines without AD - GO!:
So Scott is always talking about ditching AD - so I'm asking - how would you ditch AD from a 200+ workstation/laptop environment where the users must remain using Windows on their local devices due to application requirements (let's not bring VDI/RDS into this at this time - that could be another thread).
How do you manage and get knowledge that systems are updated?
What user accounts are on the machine - and how do they get there?
Do you have a single admin level account pre-setup on every machine?
What about situations where users roam from computer to computer?
What about mapping network resources like printers and fileshares?How many active users?
-
@Obsolesce said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
So Scott is always talking about ditching AD - so I'm asking - how would you ditch AD from a 200+ workstation/laptop environment where the users must remain using Windows on their local devices due to application requirements (let's not bring VDI/RDS into this at this time - that could be another thread).
How do you manage and get knowledge that systems are updated?
What user accounts are on the machine - and how do they get there?
Do you have a single admin level account pre-setup on every machine?
What about situations where users roam from computer to computer?
What about mapping network resources like printers and fileshares?How many active users?
I'll start a new thread for my exact environment.
-
@marcinozga said in Large network of Windows machines without AD - GO!:
Ever tried equivalent of
journalctl -fin Powershell?I've never needed it on Linux, why would I need it on Windows?
This type of fringe logic is stupid.
-
@marcinozga said in Large network of Windows machines without AD - GO!:
This is completely bullshit argument. Setting up Samba as DC takes 5-10 mins, installing Ansible literally takes seconds, setting up windows machines for Ansible management is a single powershell script. Neither is time consuming or complex, it's even easier than setting up native Windows DC.
Compare the same things. Just enabling the DC roles is a matter of minutes too. Windows Server is a not any more or less complicated.
@marcinozga said in Large network of Windows machines without AD - GO!:
And if your IT staff can't handle basic stuff, it's time to replace them with competent ones, or outsource it.
There is no such thing as basic when it comes to Network Design/Engineering tasks. You have no clue what you are talking about.
-
@marcinozga said in Large network of Windows machines without AD - GO!:
Again, nonsense. It does take some work to create Ansible playbooks or roles, but so it does setting up things in AAD or Intune.
Except you just argued that exact thing in the open of your post. that it only takes 5-10 minutes.
-
@Obsolesce said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Dashrender said in Large network of Windows machines without AD - GO!:
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
@IRJ said in Large network of Windows machines without AD - GO!:
@Obsolesce said in Large network of Windows machines without AD - GO!:
At that point you're needing to use something like Ansible Tower with Okta or similar anyways. Does Samba do 2FA/MFA? I have never looked. Maybe Okta and Samba work together, i don't know. To me, it seems like the MSP will have a full time job on their hands for a long time, for a single client.
Yes you can sync your on prem LDAP to Okta, but thats still not changing the environement you are still basically using AD.
I was under the impression no on-prem stuff like that.
AFAIK the only person mentioning on or off prem was you. I only mentioned it in response to you, not to the OP.
To me this basically breaks down to LAN-centric or LANless...
Right, which can both be on or off prem.
Oh he did mention on-prem LAN based file shares, printers, apps, etc., also roaming users and system patching management and monitoring.
Just looking at that and the 200 Windows devices... no other considerations....
Sure, Ansible. Samba. I'd question why keep Windows then, with only those considerations.
because local apps require windows.
I see. Well you could dish it out to an MSP for super cheap and quit your job!
LOL - it's not my network - someone else asked me - and I figured it was better to have a discussion here.
Ah, i see. There's so many options, and there's no single-size-fits-all option either. So it, as always, depends on the full picture, all things considered IMHO.
That's true of essentially everything in IT. Every good product has a valid use somewhere.
-
@scottalanmiller said in Large network of Windows machines without AD - GO!:
@notverypunny said in Large network of Windows machines without AD - GO!:
Would something like Zentyal be appropriate?
Just a package of Samba 4 which is just a third party AD. So this is just another way of saying to use Samba, which is another way of saying "keep AD."
If the question is "how can I more affordably do AD", then Zentyal is a great AD distro. But if the question is "how do I ditch AD", Zentyal isn't ditching it at all.
Fair enough, I read "without AD" and my mind went to "without M$"
