I'm setting up a local logon server, simply to handle user logons and enforce some group policies. Ideally we could do with not pointing a genuine domain to the server. Is there any way of setting up a domain controller without a domain (using a fake local domain). Or even better, can Active Directory be used without a domain controller?
Asked
Active
Viewed 1,304 times
2 Answers
2
No the domain controller is a fundamental part of Active Directory. It handles the login requests and is the source of group policy data so you won't get very far without it.
It's not advised anymore but I doubt you will really see any serious issues in your environment by using the old some-appropriate-name.local method.
USD Matt
- 5,321
- 14
- 23
-
I'll try the some-appropriate-name.local approach.. That's exactly what I was looking for. Thanks! – Matt Ward Dec 05 '18 at 10:13
-
3Regarding the naming: be advised that [`.local` is not recommended anymore](https://serverfault.com/questions/17255/top-level-domain-domain-suffix-for-private-network). – Gerald Schneider Dec 05 '18 at 10:15
2
If I understand correctly, you have a single server that you wish to use in isolation but still apply some policy to it.
You have a two approaches...
Use it stand alone, you can have Local User accounts and configure Local Policy on the server, there is no requirement for Active Directory per se to simply apply policy on a system.
Configure the system itself as a stand alone domain controller, this might give you some options should you want to expand the deployment for any reason or use applications that depend on Active Directory. Microsoft advice is not to use '.local', but instead to use a real domain name - however this doesn't need to be a top level domain like 'customer.com', it can be a sub-domain - like 'test.customer.com'. See Active Directory: Best Practices for Internal Domain and Network Names
Alex Moore
- 1,654
- 4
- 11