
Convert workgroup to domain using Windows Server

Last Modified: 2012-05-05
Our church has a workgroup with 17 PCs that I want to convert to a domain using Windows Server 2003 (2008?).  The motivation is to have a file server that all can access with some folders restricted to certain users.

For a few months I've been getting around the 10 connection limit on a workgroup with a network attached storage drive running Linux with Samba, but it doesn't have the backup/restore and file access features rich enough for what we need.  And I thought about going to Ubuntu Linux as a Server with Samba, but as a non-profit, we can get Windows Server and CALs at a very reasonable price, so Windows Server looks like the best option for us.  But I'm not trained on Windows Server, so I'm looking for some guidance on where I can learn, and the easiest way to convert.

I'm not interested in going the whole Microsoft route with IIS, .NET, Exchange, etc.  I'm very happy running Apache, MySQL and using our ISP for email.  Maybe Exchange one day, but not now.  I just want a file server without connection restrictions with folders that can be restricted to certain users.

I've been reading about Windows Server on Microsoft TechNet and discovered a lot of server roles, and I don't know how many of them are absolutely needed just to get a good file server.  So any advice you have is welcome, and here are a few specific questions:

1.  Can I continue to use our router for internet access, DHCP, and routing of certain ports to specific PCs?  I'm using Remote Desktop Connection by mapping ports 3389, 3390, etc. to different PCs.  I tried VPN once, but it didn't work with AOL ISP and there was the cost of the client software.

I work at a large computer software company with VPN, so I know once I'm connected via VPN, I can use Remote Desktop Connection, but with our church workgroup, we just give the web site domain name and a port number which I've used to route to specific PCs, and that's working fine for now.  So will this work with a Domain Controller?

2.  Do I need to set up Active Directory Service?  I really like the ability to log in on any PC as who I am and not have to set up a user with my account on every PC I would like to use.  But perhaps there is something simpler than ADS with its forests and trees and multiple domain support, etc.?  I assume the Server is used for DNS to find each PC on the LAN instead of a Master Browser, but not sure what the simplest way to go is.

3.  Do I need to install any additional software on each client PC?

4. We are pretty open about security, so what's the minimum needed?  I've read some about Group Policies and it seems security is a whole career in itself.  

5. We run a website now using Apache, with PHP and MySQL.  The router just forwards port 80 to that PC.  It is that PC that would become the domain controller.  I'm not interested in using IIS.  There's nothing special about installing Apache, MySQL, or any other software on a Server, vs. workstation, is there?

Thanks in advance for your help!


Lee W, MVP, Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
You do have options, but to do it exactly as you want to will actually probably cost MORE than doing it with Exchange.

For a server, you have 3 choices:

1.  SBS
2.  Server 2003
3.  Server 2008

SBS is the cheapest solution, but it's built for small businesses and it EXPECTS and frankly, needs to be run in a strict fashion conforming to the wizards.  This means using Exchange for Email. SBS will also give you a great way to remotely access all your client workstations WITHOUT doing all that port mapping.

The other problem with SBS TODAY is that before the end of the year, probably by the end of September if we're lucky, we'll see the next version of SBS which will be a leap forward and use 2008.  So if you buy SBS today, you would be wise to get it with Software Assurance which would provide a full upgrade license to 2008 (Note - there is no direct upgrade from 2003 to 2008 because 2003 is 32 bit and 2008 is only 64 bit which will not allow upgrades from 32 to 64 bit systems).

2003 can be configured as you need with only the roles you want, but it will cost you more and doesn't have the management wizards.

2008 is an option as well and is both more secure and will provide an easier way of installing only the roles you want.

A final gotcha may be the Client licenses - SBS CALs run about $85 each and non-SBS CALs run about $30 each, if I remember correctly.  So buying 15 more CALs may balance out the initial purchase costs.  Still, considering what SBS gives you that standard server does not, this is still an excellent (and I dare say better) deal.

To more directly answer some of your questions,

1. Yes, you can continue to use the router as a router, and TECHNICALLY, it CAN still provide DHCP PROVIDED that you set the ONLY DHCP server it knows about to be that of your Domain Controller.  Active Directory requires a properly configured DNS system to ensure there are no odd problems like delayed logons and the like.

Remote Web Workplace (an SBS only feature) would respond in a similar way to RDP requests.  Further, any server can be configured to act as a VPN and the built in Windows client will work fine.  No need for third party software.

2.  You have to use Active Directory or else you'd need some kind of third party application to provide domain services.  There may be a few such products (Novell, Samba/Linux, etc), but really, for simplicity, you should be going with AD - AD is not simple, BUT you don't HAVE to exploit it to such a level that it becomes complex.  Further, if you went with SBS, SBS will manage the AD for you and make that easier.

3. Depends.  With SBS, kind of - you have to run a web page link to prep the system and join it to the domain.  Otherwise, you would just have to join the domain which is a simple task.

4.  Security is a HUGE thing... but if you choose to ignore it, that's your business.  I take security seriously most of the time and generally, I don't care if you don't think you have anything to hide... that doesn't mean you should be lax in security.  STRONG passwords should be used, individual user accounts, firewalls, antivirus, anti-spam, etc. should all be in place to protect you AND others.

5.  The only special thing is that server will allow more than 10 concurrent connections to web services.  Though Apache has had more security vulnerabilities in the past years as reported by Secunia.org and PHP runs fine on IIS... but if you want to stick with Apache, so be it.

Author

Commented:
Leew,

Thank you for your advice.

For a non-profit, the cost of server and CALs is much lower.  So I'm not too concerned about cost.

Question:  Can I run Windows Server standard without turning ANY services on?  At least at this time, all I need is a file server, so perhaps its file system will not have the 10 connection to a resource limit, and permissions by user or public, but otherwise it is just another machine on the workgroup?
Lee W, MVP, Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
You need CALs for every connection and server only comes with 5 (typically).  Keeping it in a workgroup is an option, but 99 out of 100 consultants will ask why?  Especially with 17 clients, using a domain makes a great deal of sense for many reasons.  Is your reluctance based on a bias towards Linux or another platform or because you don't necessarily understand Windows Server-based networks?

Author

Commented:
Leew,
I will try to go to a domain LAN, but if I get stuck, I just wanted to know if I could solve my immediate problem by installing Server and using its file system.  I'm concerned that once I start down the Server path I will find a lot of things that need changing I'm not aware of now.  Things that will require a lot of time to learn, and cost extra.  For example, we use Norton Ghost 9.0 on each PC to backup to a disk on what sort of passes for a "server" now that runs the web site.  And I use SyncToy to copy these backup files to a USB and store off site weekly.  I know Norton Ghost has an enterprise option that would be easier to manage, but it's more expensive.  Same for eTrust antivirus.

So my concern is being able to solve the file server problem and then move forward with other tasks as time and money permit.

Author

Commented:
Leew,
I did download a trial version of Windows Server 2008 Standard and install it at home on a spare PC.  The install went fine and no problem creating a domain.  It took me a while to find where to add domain users, but once found, I was able to add one of my PCs at home.  And I've even created a folder on the server that is shared only with certain users.  And I LOVED the Shadow Copy backup/restore feature since it allows restoring from multiple previous versions of a file. :)

I do have one PC that I can't add to the domain.  It says I need to disconnect a shared resource or I can't add the same user with a different password - or something like that.  There is something setup on this PC that has never allowed me to access its shared files from another PC on the LAN.  This PC can push files to a share on other PCs, but not the other way.  I don't even remember what I installed XP PRO from, but I suspect it might have been from a CD from work and have some sort of Group Policy restrictions hidden somewhere - not that I haven't tried to find them!  But this is a separate issue.

I noticed Norton Ghost can't connect to its service when I log on under the domain, so if I continue using it, looks like all the PCs will have to have it reinstalled.

I will look at Acronis True Image.  I don't use Norton for antivirus, but Ghost is working okay.

We do qualify for nonprofit prices.  Server 2008 Standard is only $115 and CALs are $8/each.

I need to install Apache and MySQL.  Since Server 2008 is Vista, I'm hoping there won't be any problems.

I didn't ask the Server to be DHCP.  I use static IP for routing Remote Desktop Connection.

So at this point, I'm pretty sure I will be able to use Windows Server 2008 Standard edition to solve my file server needs.  

But it's going to be a big task.  Looks like I have to move everyone's (17 PCs) My Documents, Desktop, Outlook .pst file, and Favorites to the Domain user account.  Changing the Mapped Network Drive to the new location for ShareDoc.  Reinstalling Ghost or some other backup software.

And I will also keep www.techsoup.org  in mind.  

Thank you very much for your help!
Lee W, MVP, Technology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
Volume Shadow Copy is great.  In addition, I strongly recommend you use Folder Redirection so that everyone, by default, saves to the server.
