Solved

Migrating to Windows file server and Active Directory - need PC to join Domain?

Posted on 2009-07-07
2
279 Views
Last Modified: 2012-08-13
Hi,

We are migrating to Windows 2008 file server from Apple OS X xserve, Samba and LDAP authentication. PCs are on workgroup settings and access rights on the SAMBA file server is controlled via ACL.

When migrating to the Active Directory, must we have the PCs join the domain?

We have 35 PCs on the LAN and I suppose as some point in time we will want to implement (or learn how to implement) group policies and login scripts etc.

0
Comment
Question by:artradis
2 Comments
 
LVL 13

Assisted Solution

by:leegclystvale
leegclystvale earned 100 total points
ID: 24801473
Get all your data across first and ensure you have no data left on the PC's. Once you are happy the data is centally stored on the server, you can join the PC's at any time  with the correct credentials (domain admins usually).
Good luck
0
 
LVL 3

Accepted Solution

by:
AdoBeebo earned 400 total points
ID: 24801499
Hi artradis
With 35 PCs on the LAN you will be able to realise all of the benefits of joining PCs to an Active Directory domain and I strongly recommend that you do. If you had a group of PCs that you didn't join to the domain they would still be able to make and receive DHCP requests to your AD domain controller, and if the network gateway was on the same subnet as the AD domain controller you shouldn't have a problem with internet access. If you configure your DNS for non-secure updates then name resolution will be/should be fine.
But you would not have the benefits of the authentication/authorisation model applied to AD domain members. A domain joined Windows PC will authenticate at boot time, and the user will authenticate at login, and subsequently the machine and user accounts will be authorised to access various resources (e.g. file and print) and settings based on the object ACL which is affected by security group membership, GPOs and individually applied permissions.
In a workgroup, each user would need to authenticate every time they attempted to access a network resource, which gets old really quickly. Exchange can't be deployed in a non-domain environment as well, so if that is a future consideration you should bear it in mind.
Also there are huge benefits which include time-synchronisation and many centralised tools for manageability which make managing a workgroup of any more than 10 or 12 PCs a more daunting task (to me) than managing a domain of 50-100.
For example - you are asked to roll out a new application to the whole company, such as Office 2007. You could take the CD around each PC in the workgroup and install it manually, taking a big chunk out of your evening/weekend. Or you can set up a GPO to install it next time the machine boots and apply the GPO at the domain to your workstation organisational unit (OU), with the anticipated happy result of you getting to leave work on time :)
If you wanted to share a file in a workgroup you have to update permissions for every user that needs to access it, or you make it available to everyone, which you may not want to do if it is the Finance Director's annual report. For the same file in AD, you create a group which contains all of the users in the Finance Department, and another which contains all of the Directors and add them both to the ACL fror the file.
Printers can be easily deployed via GPOs, as can applications, changes to settings (e.g. corporate desktop wallpaper). When you really get into it, you'll become like me and loathe to leave your desk to make a change manually if there is some way to automate it!
Good luck, and in my opinion and your position, join all the PCs to the AD.
 
0

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now