Going from Active Directory Domain to workgroup?
-
We have a customer that is sunsetting and he needs a new server.
He has been on an AD domain for decades with a full staff, but now there are only two people.....
I am considering moving him to a workgroup, but I have one question to resolve before I move forward.....
How do you handle user accounts and passwords?
The way I understand it is that I will create a username and password for each of them on the server and then use mapped drives and URIs for their data.
What happens if they change their password at their PC, do I have to change it to match at the server?
How are you doing it?
And before you ask why a file server, and why mapped drives? The answer is: because.
-
When going from AD to Workgroup you'll need to create local profiles on each computer for each person if they move between the computers. If they never use the other computer, then it likely won't be needed. Only their own profile on their computer.
You should have a local administrator account on all machines regardless, as a just in case; use a complex password and disable it if you feel at risk. Or - will the users have local administrator rights to their computer, allowing them to do and install anything? (Risky.)
File Server - or just call it a NAS. Yes, separate passwords here can be a bother, but 'easy enough'. Even an off-domain computer can access a file share if you have domain credentials - I do so all the time at the office on a fresh imaged PC.
Here at home I have a dozen computers that are non-domain and non-Microsoft Sign-on and a central NAS. Some folders in the NAS are open READ (movies, music) some are password access with username. And separate UserNames from the Desktop.
-
@JasGot I guess fileserver is on Windows OS:
You need to have different users on fileserver, if you want them to have different access rights to folders.
Then, on remote machines, you need to give usernames/passwords from fileserver, when you map (access) fileserver folders. Usernames and passwords for accessing OSes on remote PCs do not have any connection to those on fileserver. Those are different accounts (local)
-
Distinct fileserver users need different folder access rights.
When mapping fileserver folders on distant workstations, you must provide usernames/passwords.
Usernames and passwords for distant OSes aren't linked to fileserver. Different stories (local)
-
Sorry I wasn't more clear about my question. But it did get answered. Thanks for the input.
-
If you want the users to transparently access the fileserver, then yes, when you change the password on the workstation, you would have to change the password on the server (someone remotes into the server, updates the password to match - done).
If you don't care about transparent access, then the users have their own local (or MS) account on their PCs.
The server has its own set of users created for each person who will have access to the file server.
When the end user of the PC connects to the file server, they will present their server created credentials, that information is stored by Windows and from that point it's transparent.
IF the user changes their password on the PC, the mapped drive will continue as if nothing has changed.
-
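The separate-server-accounts setup described in the post above, sketched in PowerShell as an added example that is not from any poster in this thread. The server name FS01, the users alice and bob, the path D:\Shares and the drive letter H: are assumptions.

```powershell
# Added example. Assumed names: server FS01, users alice and bob,
# data root D:\Shares, drive letter H:.

# --- 1. On the file server (elevated PowerShell) ---
$users = 'alice', 'bob'
$root  = 'D:\Shares'
foreach ($u in $users) {
    # Prompt so the password never sits in a script or history file.
    $pw = Read-Host -AsSecureString -Prompt "Server password for $u"
    New-LocalUser -Name $u -Password $pw | Out-Null

    # Private folder: drop inherited ACEs, allow only this user,
    # local Administrators and SYSTEM.
    $dir = Join-Path $root $u
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    icacls $dir /inheritance:r /grant:r "${u}:(OI)(CI)M" `
        'BUILTIN\Administrators:(OI)(CI)F' `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null

    # Share permission granted to the same account only.
    New-SmbShare -Name $u -Path $dir `
        -ChangeAccess "$env:COMPUTERNAME\$u" | Out-Null
}

# --- 2. On each workstation (as the signed-in user) ---
$server = 'FS01'
$me     = 'alice'
# Store the server account in Windows Credential Manager.
# With a bare /pass, cmdkey prompts for the password.
cmdkey /add:$server /user:"$server\$me" /pass
# Map the share; Windows answers the server's logon prompt from the
# stored credential, whatever the user's PC password is.
net use H: "\\$server\$me" /persistent:yes

# --- 3. When the server-side password is changed ---
# On the server:
#   Set-LocalUser -Name alice -Password (Read-Host -AsSecureString)
# On the workstation, overwrite the stored entry and confirm it:
#   cmdkey /add:FS01 /user:FS01\alice /pass
#   cmdkey /list:FS01
```
-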
@Dashrender said in Going from Active Directory Domain to workgroup?:
if you want the users to transparently access the fileserver, then yes, when you change the password on the workstation, you would have to change the password on the server (someone remotes into the server, updates the password to match - done).
If you don't care about transparent access, then the users have their own local (or MS) account on their PCs.
The server has its own set of users created for each person who will have access to the file server.
When the end user of the PC connects to the file server, they will present their server created credentials, that information is stored by Windows and from that point it's transparent.
IF the user changes their password on the PC, the mapped drive will continue as if nothing has changed.
Thanks. I was hoping there was a trick to sync them, although I didn't think there was; and if it isn't a registry, policy, or PowerShell trick, I would probably avoid it.
(and thanks for staying on topic!)
-
@JasGot said in Going from Active Directory Domain to workgroup?:
(and thanks for staying on topic!)
Save this...