Migrating to Windows file server and Active Directory - need PC to join Domain?

Hi,

We are migrating to Windows 2008 file server from Apple OS X Xserve, Samba and LDAP authentication. PCs are on workgroup settings and access rights on the Samba file server are controlled via ACL.

When migrating to the Active Directory, must we have the PCs join the domain?

We have 35 PCs on the LAN and I suppose at some point in time we will want to implement (or learn how to implement) group policies and login scripts etc.

artradis Asked:

leegclystvale Commented:
Get all your data across first and ensure you have no data left on the PCs. Once you are happy the data is centrally stored on the server, you can join the PCs at any time with the correct credentials (domain admins usually).
Good luck
AdoBeebo Commented:
Hi artradis
With 35 PCs on the LAN you will be able to realise all of the benefits of joining PCs to an Active Directory domain and I strongly recommend that you do. If you had a group of PCs that you didn't join to the domain they would still be able to make and receive DHCP requests to your AD domain controller, and if the network gateway was on the same subnet as the AD domain controller you shouldn't have a problem with internet access. If you configure your DNS for non-secure updates then name resolution will be/should be fine.
But you would not have the benefits of the authentication/authorisation model applied to AD domain members. A domain-joined Windows PC will authenticate at boot time, and the user will authenticate at login, and subsequently the machine and user accounts will be authorised to access various resources (e.g. file and print) and settings based on the object ACL which is affected by security group membership, GPOs and individually applied permissions.
In a workgroup, each user would need to authenticate every time they attempted to access a network resource, which gets old really quickly. Exchange can't be deployed in a non-domain environment as well, so if that is a future consideration you should bear it in mind.
Also there are huge benefits which include time-synchronisation and many centralised tools for manageability which make managing a workgroup of any more than 10 or 12 PCs a more daunting task (to me) than managing a domain of 50-100.
For example - you are asked to roll out a new application to the whole company, such as Office 2007. You could take the CD around each PC in the workgroup and install it manually, taking a big chunk out of your evening/weekend. Or you can set up a GPO to install it next time the machine boots and apply the GPO at the domain to your workstation organisational unit (OU), with the anticipated happy result of you getting to leave work on time :)
If you wanted to share a file in a workgroup you have to update permissions for every user that needs to access it, or you make it available to everyone, which you may not want to do if it is the Finance Director's annual report. For the same file in AD, you create a group which contains all of the users in the Finance Department, and another which contains all of the Directors and add them both to the ACL for the file.
Printers can be easily deployed via GPOs, as can applications, changes to settings (e.g. corporate desktop wallpaper). When you really get into it, you'll become like me and loath to leave your desk to make a change manually if there is some way to automate it!
Good luck, and in my opinion and your position, join all the PCs to the AD.
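
The group-based file ACL described in the answer above, as an added PowerShell example that is not part of the original answer. The group names, OU, and file path are hypothetical placeholders, and it assumes a management host where the ActiveDirectory PowerShell module is available.

```powershell
# Added example: all names and paths below are hypothetical placeholders.
Import-Module ActiveDirectory   # assumption: AD PowerShell module is installed

$ou     = 'OU=Groups,DC=example,DC=local'         # placeholder OU
$file   = 'D:\Shares\Finance\AnnualReport.docx'   # placeholder path
$groups = 'GG-Finance-Staff', 'GG-Directors'      # placeholder group names

# 1. Create the two security groups if they do not exist yet.
foreach ($g in $groups) {
    if (-not (Get-ADGroup -Filter "Name -eq '$g'")) {
        New-ADGroup -Name $g -GroupScope Global -GroupCategory Security -Path $ou
    }
}
# Access is then managed purely through membership, e.g.:
#   Add-ADGroupMember -Identity 'GG-Directors' -Members <samAccountName>

# 2. Replace the file's ACL: stop inheriting from the parent folder and
#    drop any explicit per-user entries left over from the workgroup days.
$acl = Get-Acl -Path $file
$acl.SetAccessRuleProtection($true, $false)   # protected, inherited ACEs discarded
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($rule)
}

# 3. Grant read access to the two groups only; keep admin and SYSTEM access.
$domain = (Get-ADDomain).NetBIOSName
$grants = @{
    'BUILTIN\Administrators' = 'FullControl'
    'NT AUTHORITY\SYSTEM'    = 'FullControl'
}
foreach ($g in $groups) { $grants["$domain\$g"] = 'Read' }
foreach ($id in $grants.Keys) {
    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, $grants[$id], 'Allow')
    $acl.AddAccessRule($ace)
}
Set-Acl -Path $file -AclObject $acl

# 4. Verify that no broad principal can still read the file.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$found = (Get-Acl -Path $file).Access |
    Where-Object { $broad -contains $_.IdentityReference.Value }
if ($found) {
    Write-Warning "Broad access still present: $($found.IdentityReference -join ', ')"
} else {
    Write-Output "ACL on $file is limited to: $($grants.Keys -join ', ')"
}
```

Run it from an elevated session; a user who later leaves the Finance Department loses access by being removed from the group, with no change to the file's ACL.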