Choice Between Windows Workgroup vs. Domain with Active Directory

I am setting up a network with a Proliant ML350 Server running Server 2008 R2.  There will be six desktops.  The main programs that will be installed on the server and accessible from the workstations are two line-of-business applications, neither of which will be using SQL Server.  There will NOT be Exchange running on the server .  In order to maximize on server resources (there are 12GB's of RAM and hard drives in a RAID 5 configuration) I was not going to install Active Directory and set the network up as a Workgroup instead of a Domain.  

Are there any drawbacks to this?  

Is this the best choice for what I need?

Thanks.
b1dupreeAsked:
Who is Participating?
 
naomelixesCommented:
I really think you should go ahead and deploy the AD. It's not that resource intensive, and it sounds like you have the hardware for it to run with no problems (allthough you didn't mention the CPU, what gen is the server...).
As far as the drawbacks of not using AD, there are just too many to mention. Security, powerful centralized managementof the network...
0
 
TTauriCommented:
Not using AD does have many drawbacks as mentioned my naomelixes, some of the more relevant ones would be:
* security of file shares - you would not be able to limit which desktops could see certain files easily without centralised user management
* Having to create admin users on each desktop and deal with passwords getting out of sync rather than having the ability to make one user a domain admin and then they can do anything on any machine
* central management of logon scripts, updates (with WSUS), etc.

However for 6 desktops I have to ask what level of IT expertise will be maintaining this setup?  If the person responsible for keeping things running has minimal enterprise experience then the extra complexity of AD might cause more problems than its worth.  Someone who is good with IT from a home user perspective would not know how AD deals with issues and would over time introduce many workarounds and shortcuts that undermine the improved AD security.

Overall I agree with naomelixes _IF_ the person dealing with these systems knows a bit about AD.  Otherwise local user accounts will be more work and less secure but would be something that is more likely to be understood by someone without AD experience.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
> the extra complexity of AD might cause more problems
I disagree.  Yes, there is a minimal amount of extra complexity... like there's a minimum amount of extra complexity in driving a manual transmission car... if you know the rules, it's easy.  

Rule #1: DNS is VITAL - configure DNS properly and you aren't likely to have any problems.
Rule #2: See Rule #1.
Rule #3: don't give everyone DOMAIN ADMIN accounts.  TECHNICALLY you shouldn't give them local admin accounts either, but if you want it to be easy (for users AND for viruses), then you can put their accounts in the local admins group.

That's about it.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
b1dupreeAuthor Commented:
Thanks for your responses.  I have dealt with Active Directory on a number of servers.  My conerns were the overhead for running Active Directory (server resources) etc. versus the benefits but it appears that given the server hardware resources available (BTW is a current model Xeon processor) it shouldn't be an issue.

0
 
TTauriCommented:
If you are going to be maintaining this and you are happy with AD then the benefits make it a good choice to use even for only 6 desktops.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
AD is NOT a resource intensive service.  I have a 2003 R2 x64 VM running on Hyper-V R2 SP1 with 768 MB of RAM allocated and it's claiming only 250 MB is used.  DNS is NOT a resource intensive service.  Nor is DHCP.  In a network of THOUSANDS, yes, they can be intensive... in a network of 6 you'd literally have to spend money and time trying to identify the amount of performance degradation you get... it would be SOOO small.
0
 
kevinhsiehCommented:
I would install AD in an environment of 3 machines. Two machines I would need to think about. As for a performance difference, you could run it on a PIII, 128 MB RAM under Windows 2003. The only downside I see is that it will add to the boot time of your server.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.