Solved

Migrating to Windows file server and Active Directory - need PC to join Domain?

Posted on 2009-07-07
2
283 Views
Last Modified: 2012-08-13
Hi,

We are migrating to Windows 2008 file server from Apple OS X xserve, Samba and LDAP authentication. PCs are on workgroup settings and access rights on the SAMBA file server is controlled via ACL.

When migrating to the Active Directory, must we have the PCs join the domain?

We have 35 PCs on the LAN and I suppose as some point in time we will want to implement (or learn how to implement) group policies and login scripts etc.

0
Comment
Question by:artradis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Assisted Solution

by:leegclystvale
leegclystvale earned 100 total points
ID: 24801473
Get all your data across first and ensure you have no data left on the PC's. Once you are happy the data is centally stored on the server, you can join the PC's at any time  with the correct credentials (domain admins usually).
Good luck
0
 
LVL 3

Accepted Solution

by:
AdoBeebo earned 400 total points
ID: 24801499
Hi artradis
With 35 PCs on the LAN you will be able to realise all of the benefits of joining PCs to an Active Directory domain and I strongly recommend that you do. If you had a group of PCs that you didn't join to the domain they would still be able to make and receive DHCP requests to your AD domain controller, and if the network gateway was on the same subnet as the AD domain controller you shouldn't have a problem with internet access. If you configure your DNS for non-secure updates then name resolution will be/should be fine.
But you would not have the benefits of the authentication/authorisation model applied to AD domain members. A domain joined Windows PC will authenticate at boot time, and the user will authenticate at login, and subsequently the machine and user accounts will be authorised to access various resources (e.g. file and print) and settings based on the object ACL which is affected by security group membership, GPOs and individually applied permissions.
In a workgroup, each user would need to authenticate every time they attempted to access a network resource, which gets old really quickly. Exchange can't be deployed in a non-domain environment as well, so if that is a future consideration you should bear it in mind.
Also there are huge benefits which include time-synchronisation and many centralised tools for manageability which make managing a workgroup of any more than 10 or 12 PCs a more daunting task (to me) than managing a domain of 50-100.
For example - you are asked to roll out a new application to the whole company, such as Office 2007. You could take the CD around each PC in the workgroup and install it manually, taking a big chunk out of your evening/weekend. Or you can set up a GPO to install it next time the machine boots and apply the GPO at the domain to your workstation organisational unit (OU), with the anticipated happy result of you getting to leave work on time :)
If you wanted to share a file in a workgroup you have to update permissions for every user that needs to access it, or you make it available to everyone, which you may not want to do if it is the Finance Director's annual report. For the same file in AD, you create a group which contains all of the users in the Finance Department, and another which contains all of the Directors and add them both to the ACL fror the file.
Printers can be easily deployed via GPOs, as can applications, changes to settings (e.g. corporate desktop wallpaper). When you really get into it, you'll become like me and loathe to leave your desk to make a change manually if there is some way to automate it!
Good luck, and in my opinion and your position, join all the PCs to the AD.
 
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question