2

Possible Duplicate:
Can you help me with my software licensing question?

We are looking at consolidating several credential stores into Active Directory. The credentials are mainly for our clients though (like FTP and a few web based application services). If we use Active Directory on Windows Small Business Server 2003 for the credentials, do we need a CAL from Microsoft for these users?

Thanks!

Community
  • 1
Michiel van Oosterhout
  • 250
  • 1
  • 4
  • 13

4 Answers4

4

A CAL for SBS is needed for each actual user OR device that will connect. Up to 75 by default. However, you can store as many as you'd like in AD as long as your CALs allow for the number of connections necessary.

Scenario:

-You have 25 CALs

You can put 100 user accounts in AD, but only 25 connections to AD/SBS will be allowed by your CAL licensing at a given time.

More info:

http://www.microsoftvolumelicensing.com/userights/ProductPage.aspx?pid=124

Assigning a License. To assign a license means simply to designate that license to one device or user.

That says "physical device or physical user" not user accounts in AD. That means I can have TheCleaner1, TheCleaner2, TheCleaner3, TheCleanerN as accounts in AD but I can log in as any of them if I wanted to...however I can only log in to one of those accounts at any given time if I'm using a "user CAL". If I'm using a "device CAL" then I can physically go to X number of devices and log into AD with any of those accounts (where X is based on the # of device CALs I own).

See here: http://blogs.msdn.com/mssmallbiz/archive/2006/04/19/579256.aspx

It's definitely not something that seems to be spelled out in pure black and white though.

For me, device CALs have always been the simpler approach. I also believe that Microsoft wants you to understand the "intent" of the licensing and not get wrapped up too much in it...I talked with my own MVLS contact and their own answer was "just buy a device CAL for each computer and call it a day".

TheCleaner
  • 32,352
  • 26
  • 126
  • 188
  • 1
    That echos my understanding as of last year when I helped the "tech" (read: power user who happend to get tasked with) look into setting up a proper system for a growing Fire Department. – AnonJr Sep 10 '09 at 18:13
  • 1
    This smacks of "concurrent licensing", which Microsoft doesn't offer. User CALs are assigned to a single specific user until they leave the organization. Device CALs are assigned to a single device until it is retired. There aren't "pools" of CALs that users or devices can "draw from" while "connected". – Evan Anderson Sep 11 '09 at 00:35
  • @Evan - I agree with what you are saying but a single user can have more than one AD account they can use for any reason. Technically, in this case you should go with a "per device" CAL. I edited my post with more info to back "my cause" lol. – TheCleaner Sep 11 '09 at 13:19
1

Which kind of system will be querying AD for user informations?

If those user accounts are used to access Windows servers in the domain, you need CALs for them.

If you are only using AD as a user database (f.e. because you have some application which queries LDAP directory services), no CAL is needed.

You need CALs to access Windows servers, not to store directory objects.

Massimo
  • 68,714
  • 56
  • 196
  • 319
  • Agreed - however read Massimo's words carefully OP. If you are hosting that application that queries LDAP on a Windows Server (or the SBS server), then the CAL is stil needed...at least that is my understanding of the licensing. – TheCleaner Sep 10 '09 at 18:21
  • You would then need a single CAL to access the server and make a LDAP query, I suppose. – Massimo Sep 10 '09 at 18:54
1

I would guess that you need a CAL for every device or user that authenticates to Active Directory, but don't take my word for it. The Right AnswerTM is to contact Microsoft and get clarification.

I'm seeing answers here that seem to imply that Microsoft offers "concurrent licensing" (i.e. X devices at a time, X users at a time can "connect" and use licenses out of a "pool") which, AFAIK, Microsoft hasn't offered for any product in 10+ years.

See here re: "concurrency" of CALs, as well as a lot of other good questions: http://www.microsoft.com/WindowsServer2003/sbs/evaluation/faq/licensing.mspx The question about the printer needing a CAL in that link is fairly telling, IMHO, of what I'd expect Microsoft's philosophy to be.

Some more background re: Microsoft CALs in general, with some good links: http://blogs.msdn.com/mssmallbiz/archive/2007/11/06/5942350.aspx

I would expect that the most costly "solution" is the "right" one.

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328
  • @Evan - http://blogs.msdn.com/mssmallbiz/archive/2006/04/19/579256.aspx - I wasn't referring to a pool of user CALs, but more towards this link. You are definitely correct that you can't have a "5 User CAL" license and have it used by 50 different physical people. – TheCleaner Sep 11 '09 at 13:36
-4

Each user in AD will consume a CAL.

smh
  • 7
  • 2
  • 2
    That's not correct. An user will consume a CAL only when s/he accesses some Windows server in the network; if you're using AD only as a LDAP repository to be queried by some other application, no CAL is needed. – Massimo Sep 10 '09 at 18:12
  • @Massimo: Unless this other service uses this LDAP directory with non anonymous users. Then you need CALs... – Hubert Kario May 23 '12 at 22:17