Solved

Migrating to Windows file server and Active Directory - need PC to join Domain?

Posted on 2009-07-07
2
280 Views
Last Modified: 2012-08-13
Hi,

We are migrating to Windows 2008 file server from Apple OS X xserve, Samba and LDAP authentication. PCs are on workgroup settings and access rights on the SAMBA file server is controlled via ACL.

When migrating to the Active Directory, must we have the PCs join the domain?

We have 35 PCs on the LAN and I suppose as some point in time we will want to implement (or learn how to implement) group policies and login scripts etc.

0
Comment
Question by:artradis
2 Comments
 
LVL 13

Assisted Solution

by:leegclystvale
leegclystvale earned 100 total points
ID: 24801473
Get all your data across first and ensure you have no data left on the PC's. Once you are happy the data is centally stored on the server, you can join the PC's at any time  with the correct credentials (domain admins usually).
Good luck
0
 
LVL 3

Accepted Solution

by:
AdoBeebo earned 400 total points
ID: 24801499
Hi artradis
With 35 PCs on the LAN you will be able to realise all of the benefits of joining PCs to an Active Directory domain and I strongly recommend that you do. If you had a group of PCs that you didn't join to the domain they would still be able to make and receive DHCP requests to your AD domain controller, and if the network gateway was on the same subnet as the AD domain controller you shouldn't have a problem with internet access. If you configure your DNS for non-secure updates then name resolution will be/should be fine.
But you would not have the benefits of the authentication/authorisation model applied to AD domain members. A domain joined Windows PC will authenticate at boot time, and the user will authenticate at login, and subsequently the machine and user accounts will be authorised to access various resources (e.g. file and print) and settings based on the object ACL which is affected by security group membership, GPOs and individually applied permissions.
In a workgroup, each user would need to authenticate every time they attempted to access a network resource, which gets old really quickly. Exchange can't be deployed in a non-domain environment as well, so if that is a future consideration you should bear it in mind.
Also there are huge benefits which include time-synchronisation and many centralised tools for manageability which make managing a workgroup of any more than 10 or 12 PCs a more daunting task (to me) than managing a domain of 50-100.
For example - you are asked to roll out a new application to the whole company, such as Office 2007. You could take the CD around each PC in the workgroup and install it manually, taking a big chunk out of your evening/weekend. Or you can set up a GPO to install it next time the machine boots and apply the GPO at the domain to your workstation organisational unit (OU), with the anticipated happy result of you getting to leave work on time :)
If you wanted to share a file in a workgroup you have to update permissions for every user that needs to access it, or you make it available to everyone, which you may not want to do if it is the Finance Director's annual report. For the same file in AD, you create a group which contains all of the users in the Finance Department, and another which contains all of the Directors and add them both to the ACL fror the file.
Printers can be easily deployed via GPOs, as can applications, changes to settings (e.g. corporate desktop wallpaper). When you really get into it, you'll become like me and loathe to leave your desk to make a change manually if there is some way to automate it!
Good luck, and in my opinion and your position, join all the PCs to the AD.
 
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now