Solved

Migrating to Windows file server and Active Directory - need PC to join Domain?

Posted on 2009-07-07
Last Modified: 2012-08-13
Hi,

We are migrating to Windows 2008 file server from Apple OS X xserve, Samba and LDAP authentication. PCs are on workgroup settings and access rights on the SAMBA file server are controlled via ACL.

When migrating to the Active Directory, must we have the PCs join the domain?

We have 35 PCs on the LAN and I suppose at some point in time we will want to implement (or learn how to implement) group policies and login scripts etc.

0
Comment
Question by:artradis
2 Comments
 
LVL 13

Assisted Solution

by:leegclystvale
leegclystvale earned 100 total points
ID: 24801473
Get all your data across first and ensure you have no data left on the PCs. Once you are happy the data is centrally stored on the server, you can join the PCs at any time with the correct credentials (domain admins usually).
Good luck
0
 
LVL 3

Accepted Solution

by:
AdoBeebo earned 400 total points
ID: 24801499
Hi artradis
With 35 PCs on the LAN you will be able to realise all of the benefits of joining PCs to an Active Directory domain and I strongly recommend that you do. If you had a group of PCs that you didn't join to the domain they would still be able to make and receive DHCP requests to your AD domain controller, and if the network gateway was on the same subnet as the AD domain controller you shouldn't have a problem with internet access. If you configure your DNS for non-secure updates then name resolution will be/should be fine.
But you would not have the benefits of the authentication/authorisation model applied to AD domain members. A domain joined Windows PC will authenticate at boot time, and the user will authenticate at login, and subsequently the machine and user accounts will be authorised to access various resources (e.g. file and print) and settings based on the object ACL which is affected by security group membership, GPOs and individually applied permissions.
In a workgroup, each user would need to authenticate every time they attempted to access a network resource, which gets old really quickly. Exchange can't be deployed in a non-domain environment as well, so if that is a future consideration you should bear it in mind.
Also there are huge benefits which include time-synchronisation and many centralised tools for manageability which make managing a workgroup of any more than 10 or 12 PCs a more daunting task (to me) than managing a domain of 50-100.
For example - you are asked to roll out a new application to the whole company, such as Office 2007. You could take the CD around each PC in the workgroup and install it manually, taking a big chunk out of your evening/weekend. Or you can set up a GPO to install it next time the machine boots and apply the GPO at the domain to your workstation organisational unit (OU), with the anticipated happy result of you getting to leave work on time :)
If you wanted to share a file in a workgroup you have to update permissions for every user that needs to access it, or you make it available to everyone, which you may not want to do if it is the Finance Director's annual report. For the same file in AD, you create a group which contains all of the users in the Finance Department, and another which contains all of the Directors and add them both to the ACL for the file.
Printers can be easily deployed via GPOs, as can applications, changes to settings (e.g. corporate desktop wallpaper). When you really get into it, you'll become like me and loath to leave your desk to make a change manually if there is some way to automate it!
Good luck, and in my opinion and your position, join all the PCs to the AD.
 
0
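The group-based file ACL described in the accepted answer, as an added PowerShell example that is not part of the original post. The domain name, OU, group names, member accounts, file path and the rights given to each group are all hypothetical, and the ActiveDirectory module is assumed to be available (Windows Server 2008 R2 or later, or RSAT).

```powershell
# Added example. Every name below (domain, OU, groups, users, path) is hypothetical.
Import-Module ActiveDirectory

$domain = 'EXAMPLE'                               # hypothetical NetBIOS domain name
$ou     = 'OU=Groups,DC=example,DC=local'         # hypothetical OU for security groups
$path   = 'D:\Shares\Finance\AnnualReport.xlsx'   # hypothetical file on the file server

# One security group per role. When staff change, only group membership changes,
# never the ACL on the file. First-time setup: the groups must not exist yet.
$members = @{
    'Finance-Dept' = @('alice', 'bob')            # constructed sample accounts
    'Directors'    = @('carol')
}
foreach ($name in $members.Keys) {
    New-ADGroup -Name $name -GroupScope Global -GroupCategory Security -Path $ou
    Add-ADGroupMember -Identity $name -Members $members[$name]
}

# Stop inheriting from the parent folder and discard the inherited entries,
# so broad rights granted higher up do not leak onto this file.
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)

# Assumed rights: administrators and SYSTEM keep full control so the file stays
# manageable and backed up; Finance can edit, Directors can read.
$grants = @{
    'BUILTIN\Administrators' = 'FullControl'
    'NT AUTHORITY\SYSTEM'    = 'FullControl'
    "$domain\Finance-Dept"   = 'Modify'
    "$domain\Directors"      = 'Read'
}
foreach ($id in $grants.Keys) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, $grants[$id], 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# Check: explicit entries that existed before this change survive it. List any
# that still grant access to a catch-all principal so they can be reviewed.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
(Get-Acl -Path $path).Access |
    Where-Object { $broad -contains $_.IdentityReference.Value } |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```

An empty table from the last command means only the two role groups, administrators and SYSTEM hold rights on the file.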

Question has a verified solution.