
I have been tasked with setting up a server for my company that 5 or 6 individuals will be hitting (with one off-site needing VPN access). I have a grasp of what we need, but I want to bounce some ideas off of those who have been doing this kind of thing more consistently. I installed the operating system yesterday (Windows Server 2016) and have started to browse the services and features in the server manager.

My goal is to be able to connect the server to the Azure AD so that I do not have to configure new accounts. It seems relatively straightforward. From there I need to enable the server to hold and host videos that we review. We should be able to connect to the videos via a browser. Also, on top of that, we need to have a shared drive that we can share documents in. To finish I need to set up VPN access for our off-site employee so that they can access all the content I have listed above (this is what I am least familiar with and will need the most help on).

Besides connecting the Azure AD to the server's AD, what else should I be looking into/configuring? The majority of features/services in the server manager setup are beyond the scope of what my company needs at the moment (simple shared documents, hosting videos and maybe images).

Do I configure the domain on Azure or does this server need its own domain? How should I go about setting up a network drive? What are the steps/best practices to set up a browser-enabled service so that when you type in the path to the server, the video populates in the window? The IT department has dumped this on my group (GIS) because of a myriad of issues in the past. ANY help/resources will be greatly appreciated. Thanks!

Wazzy24
  • Welcome to SF...but your question is simply too broad. A couple of things: 1) break your question out into multiple ones, 2) remember that SF is really Q=A, it's not very applicable to subjective questions or questions that would require lengthy discussions back and forth. My best advice to you would be to bring in a consultant and force IT to work with you...some of the discussions I already see in the first answer below concern me that advice given could be misinterpreted to apply to your situation and you may break things IT has set in place there. Sorry IT put you in this position. – TheCleaner Mar 09 '18 at 19:11

1 Answer


My goal is to be able to connect the server to the Azure AD so that I do not have to configure new accounts.

I think you are misunderstanding how the integration between a domain controller and Azure Active Directory works. Please look at my answer to a different but related question on Windows 10 AAD Azure ad domain joined & SMB share

Also, on top of that, we need to have a shared drive that we can share documents in.

With a properly configured VPN this is very simple. Create the file shares on the server. Make sure share and NTFS permissions are set correctly for your environment's requirements. Remote users will connect to the VPN and then they can browse or even map drives to the shares using their domain credentials.

What you want to do is:

  • Install a VPN server (this can be RRAS, a firewall, or a VPN appliance)
  • Configure the VPN to provide network access to the server that hosts the shares
  • Create domain accounts in Active Directory (if you want to join Windows 10 laptops to Azure Active Directory)
  • Install Azure Active Directory Connect (if you want to join Windows 10 laptops to Azure Active Directory)
  • Configure Azure Active Directory Connect to synchronize the necessary OU in Active Directory with Azure Active Directory (if you want to join Windows 10 laptops to Azure Active Directory)
  • Create server shares
  • Configure permissions (both share and NTFS)

For a server named "ServerA" with a share named "Files" the remote user would access the share using the following process.

  1. Connect to the Internet
  2. Connect to the VPN
  3. Log in to the VPN (this can be Active Directory integrated or some other authentication method depending on the capabilities of the VPN solution and how you configure it)
  4. Browse to \\ServerA\Files (the user can also map a drive letter to the share)
user5870571
  • Okay, if I understand you correctly any employee on site should connect to the on-site server's domain. You said I should install the AAD Connect on the on-site server for the remote employees, am I understanding that right? All employees' user accounts and machines are already controlled by the Azure AD, so I need to have Azure AD Connect installed on my on-premise server so that it can synchronize requests? – Wazzy24 Mar 09 '18 at 18:05
  • On premise computers should be joined to Active Directory using the traditional process. AAD Connect is installed on the DC to synchronize passwords and user attributes from the DC to AAD. Remote users should have the laptops joined to AAD so they can authenticate using their domain username and password even if their computer is never physically in the office. – user5870571 Mar 09 '18 at 18:15
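The "create server shares" and "configure permissions (both share and NTFS)" steps from the answer above, as an added PowerShell example for Windows Server 2016 that is not part of the original answer. The domain name CONTOSO, the groups GIS-Video-Review and GIS-Admins, and the path D:\Shares\Files are assumptions; the share name "Files" and server name "ServerA" come from the answer.

```powershell
# Added example (not from the answer). Creates the "Files" share on ServerA with
# least-privilege share and NTFS permissions. Run elevated on the file server.
# Assumed names: domain CONTOSO, groups GIS-Video-Review (read/write users) and
# GIS-Admins (administrators), local folder D:\Shares\Files.
$Domain    = 'CONTOSO'
$ShareName = 'Files'
$Path      = 'D:\Shares\Files'

New-Item -Path $Path -ItemType Directory -Force | Out-Null

# Share-level permissions: grant specific domain groups rather than Everyone.
# Access-based enumeration hides folders a user has no NTFS rights to open, and
# SMB encryption protects the traffic even on the internal network.
New-SmbShare -Name $ShareName -Path $Path `
    -ChangeAccess "$Domain\GIS-Video-Review" `
    -FullAccess   "$Domain\GIS-Admins" `
    -FolderEnumerationMode AccessBased `
    -EncryptData $true | Out-Null

# NTFS permissions: break inheritance from D:\ so the default "Users" entries
# (which would let any domain user read the folder) do not apply, then grant
# only the groups that should have access. Effective access over the share is
# the more restrictive of the share ACL and the NTFS ACL.
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $false)   # protect ACL, drop inherited rules

$grants = @(
    @{ Identity = "$Domain\GIS-Admins";       Rights = 'FullControl' },
    @{ Identity = "$Domain\GIS-Video-Review"; Rights = 'Modify'      },
    @{ Identity = 'NT AUTHORITY\SYSTEM';      Rights = 'FullControl' }
)
foreach ($g in $grants) {
    # Inherit to subfolders and files so new uploads get the same ACL.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $g.Identity, $g.Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Path -AclObject $acl

# Verify both layers before telling users the share is ready.
Get-SmbShareAccess -Name $ShareName | Format-Table AccountName, AccessRight, AccessControlType
(Get-Acl -Path $Path).Access | Format-Table IdentityReference, FileSystemRights, IsInherited

# On a VPN-connected client, step 4 of the answer (mapping a drive letter) is:
#   New-PSDrive -Name V -PSProvider FileSystem -Root '\\ServerA\Files' -Persist
```

Because the NTFS ACL no longer inherits from the drive root, a user who is in neither group gets "Access is denied" even though they can reach the server over the VPN, which is the behaviour the answer's "set correctly for your environment's requirements" is aiming for.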