-10

I'm not a Windows guy. And all my working life was managing Mac and Linux. Why should I have a Windows domain controller?

I know what Active Directory is, but I'm not a Microsoft expert. And on paper everything is beautiful, but the reality that I have is that it doesn't work, and it is not helping me do my job. That's why I am thinking, or not, to shut down the domain controller.

I only see disadvantages.

What I have:

  • 90 computers to 90 people.
  • Five printers, login is different and not centralized, because it's difficult to use a strong password in a printer.
  • 1/3 uses Google Apps and the others use a Linux mail server.
  • All our business applications run on Linux server.
  • Our files are in a Linux NAS.
  • All the computers are different (it's a nightmare)
  • Some have laptops and are always moving (inside and outside the company)
  • We are behind a Cisco Adaptive Security Appliance (ASA) firewall
  • DNS is on a Cisco router and I'm planning to move DHCP to a switch (I'm not authorized to manage the router)

In my point of view:

  • It's just another thing to go wrong.
  • A machine in a domain is slower to login.
  • Less stuff is better. And less work too.
  • We have a Windows Server 2008 licence, but it's not a very good machine and I'm removing all the applications from the Windows servers.
  • I'm planning to buy new laptops and they have Windows 8 and in a few days Windows 8.1, and I don't know if Windows 8 behaves well with older servers!
  • I don't like to spend money on Windows licences and servers.

For me it is just an extra server consuming 400 watts... Am I wrong?

Peter Mortensen
Jamexcb
  • 5
    I am at a complete loss for words. – Wesley Oct 02 '13 at 22:11
  • 6
    This is essentially how this question reads to the rest of us: `"Hi, I'm interested in learning about Active Directory. Here are a bunch of things about it that are completely false. I'm totally misinformed here, someone prove me wrong."` I think what you need is a good book, or some time at the [Microsoft Virtual Academy's AD courses](http://www.microsoftvirtualacademy.com/training-courses/understanding-active-directory#fbid=VyxmhdqRHoX) – MDMarra Oct 02 '13 at 22:16
  • 1
    The reason we're closing this as a duplicate of the mentioned question is because you're sadly misinformed about what Active Directory does and how it works. You really, really need to read up on that, set up a lab on some virtual machines and try it now. – Mark Henderson Oct 02 '13 at 22:41
  • 2
    Hating on Microsoft just because they are Microsoft was old 10 years ago. – longneck Oct 02 '13 at 22:57
  • This is not like/dislike Microsoft. Try to manage different hardware and drivers, updates on a Windows server and then tell me if it is simpler. On Linux, make a list of IPs and in 5 min you can update all of them. Or Mac OS server for updating all clients, it's really simpler. Or use radmind. – Jamexcb Oct 02 '13 at 23:09
  • 2
    @Jamexcb - if you have Active Directory you can do the same thing for Windows. Push out an update; apply a setting; enforce a policy. Set it up once in the central location and all the clients will apply it. You really, really need to stop pulling excuses out of your arse and actually find out what AD does before throwing out excuses about why it's useless – Mark Henderson Oct 02 '13 at 23:19
  • 1
    Sorry to continue ranting, but we have a single AD that manages computers in two different buildings connected via a WAN. We have about 100 users on terminal servers, plus internal users, with a combination of different laptops, desktops and servers. We even have Linux servers authenticating against the AD, and single sign on with other LDAP apps. Everyone has their AD username/password and that's it. No different usernames for this and that. The NAS, SVN, Linux shells, *everything* authenticates with the same credentials. WSUS handles pushing out Windows updates to machines who need it – Mark Henderson Oct 02 '13 at 23:24
  • Yes, that is on paper; on the setup that I inherited, the updates and setups don't always work, and it's a mess. I will try a clean setup on a VM and give it a second chance. But it will be a nightmare to put it all down and up again. – Jamexcb Oct 02 '13 at 23:24
  • Yes, for the Linux server, mail, NAS, I have only one user. But I have another for printers, and another for Windows. Printers are a problem because it's difficult to put strong passwords on a small screen with a pen :P – Jamexcb Oct 02 '13 at 23:26
  • @MDMarra I was tired of googling, I didn't see that... thanks – Jamexcb Oct 02 '13 at 23:29
  • @Wesley, lol, my factory is the factory of Wesley.pt. Please feel free to delete my question. "-8" people think that I am an MS hater. – Jamexcb Oct 02 '13 at 23:35
  • 1
    Nobody cares about your opinion of Microsoft - it's just that on the face of it, the question seems insane. If you want, perhaps try again, and ask something like "is there any advantage to using a domain for this network instead of a workgroup?" – Falcon Momot Oct 03 '13 at 02:04

1 Answer

11

Let's break this down one by one:

> It's just another thing to go wrong.

No, it's about 10,000 less things to go wrong. One place to sort out logins, instead of 90. One place to manage printers, instead of 90. Apply settings to 90 computers at once, instead of 90.

> A machine in a domain is slower to login.

No, it's not.

> Less stuff is better. And less work too.

This is just wrong. Active Directory makes substantially less work. I shudder at the thought of managing even 10 computers without AD, let alone 90!

> We have a Win Server 2008 licence but it's not a very good machine and I'm removing all the applications from the Windows servers.

This isn't a question. But even so, a domain controller for 90 computers does not need to be very powerful. Our AD servers here are virtual machines with 1GB of RAM and almost no vCPU.

> I'm planning to buy new laptops and they have Win8 and in a few days 8.1 and I don't know if Win8 behaves well with older servers!

Yes. Microsoft are very good at backwards compatibility with Active Directory.

> I don't like to spend money on Windows licences and servers.

You know what I don't like? Doing things 90 times, or having different settings on everyone's computers, or having 90 non-connected usernames, or having to go to someone's computer to do things like reset a password or apply a setting.

voretaq7
Mark Henderson
  • 1
    Thanks for the answer. So is it just for the login? The printers can only use LDAP. And if I have to replace a machine, the time to configure a domain on a single-user PC is the same as to create an account. So where do I improve my time? Thanks – Jamexcb Oct 02 '13 at 22:54
  • 1
    No! It is not just for logon! Have you not read anything we've written, or the linked questions? There is no domain in a single user PC. You're in way over your head and you really, really need to read up on what AD is, what it does, and how if you do it right, the ONLY thing you need to do with a new computer is join it to the domain (literally, that's it - the AD will do *everything* else - set settings, install printers, set the background, the screensaver, password policies, software policies, *everything*). AD has LDAP so you can still connect your existing LDAP AAA to it. – Mark Henderson Oct 02 '13 at 23:16
  • I do a lot of Linux work at work and recently I have been learning how to use Windows Server 2012 on a VM... I have to tell you Windows Server 2012 is really powerful - I am really glad I have been experimenting with it. It is not hard to use - in fact much easier than Linux, to be honest. What I have learnt so far: Install AD, Config AD, Config DHCP Server, DNS, Users, and GPO. Now I am experimenting with software install via GPO and next I'm going to learn about WSUS. It took me 2 days already to learn all that. Not hard at all. – I'll-Be-Back Oct 02 '13 at 23:31
  • @I'll-Be-Back 2 days, that's good. Imagine, I arrived at this factory and everything didn't work. Internet was so terrible I stopped using Facebook... ping to a local server sometimes 5000-7000ms, very old hardware, SPAM everywhere, no backups, spaghetti cables. 2 days, it's good. – Jamexcb Oct 02 '13 at 23:46