Choice Between Windows Workgroup vs. Domain with Active Directory

I am setting up a network with a Proliant ML350 Server running Server 2008 R2.  There will be six desktops.  The main programs that will be installed on the server and accessible from the workstations are two line-of-business applications, neither of which will be using SQL Server.  There will NOT be Exchange running on the server .  In order to maximize on server resources (there are 12GB's of RAM and hard drives in a RAID 5 configuration) I was not going to install Active Directory and set the network up as a Workgroup instead of a Domain.  

Are there any drawbacks to this?  

Is this the best choice for what I need?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I really think you should go ahead and deploy the AD. It's not that resource intensive, and it sounds like you have the hardware for it to run with no problems (allthough you didn't mention the CPU, what gen is the server...).
As far as the drawbacks of not using AD, there are just too many to mention. Security, powerful centralized managementof the network...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Not using AD does have many drawbacks as mentioned my naomelixes, some of the more relevant ones would be:
* security of file shares - you would not be able to limit which desktops could see certain files easily without centralised user management
* Having to create admin users on each desktop and deal with passwords getting out of sync rather than having the ability to make one user a domain admin and then they can do anything on any machine
* central management of logon scripts, updates (with WSUS), etc.

However for 6 desktops I have to ask what level of IT expertise will be maintaining this setup?  If the person responsible for keeping things running has minimal enterprise experience then the extra complexity of AD might cause more problems than its worth.  Someone who is good with IT from a home user perspective would not know how AD deals with issues and would over time introduce many workarounds and shortcuts that undermine the improved AD security.

Overall I agree with naomelixes _IF_ the person dealing with these systems knows a bit about AD.  Otherwise local user accounts will be more work and less secure but would be something that is more likely to be understood by someone without AD experience.
Lee W, MVPTechnology and Business Process AdvisorCommented:
> the extra complexity of AD might cause more problems
I disagree.  Yes, there is a minimal amount of extra complexity... like there's a minimum amount of extra complexity in driving a manual transmission car... if you know the rules, it's easy.  

Rule #1: DNS is VITAL - configure DNS properly and you aren't likely to have any problems.
Rule #2: See Rule #1.
Rule #3: don't give everyone DOMAIN ADMIN accounts.  TECHNICALLY you shouldn't give them local admin accounts either, but if you want it to be easy (for users AND for viruses), then you can put their accounts in the local admins group.

That's about it.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

b1dupreeAuthor Commented:
Thanks for your responses.  I have dealt with Active Directory on a number of servers.  My conerns were the overhead for running Active Directory (server resources) etc. versus the benefits but it appears that given the server hardware resources available (BTW is a current model Xeon processor) it shouldn't be an issue.

If you are going to be maintaining this and you are happy with AD then the benefits make it a good choice to use even for only 6 desktops.
Lee W, MVPTechnology and Business Process AdvisorCommented:
AD is NOT a resource intensive service.  I have a 2003 R2 x64 VM running on Hyper-V R2 SP1 with 768 MB of RAM allocated and it's claiming only 250 MB is used.  DNS is NOT a resource intensive service.  Nor is DHCP.  In a network of THOUSANDS, yes, they can be intensive... in a network of 6 you'd literally have to spend money and time trying to identify the amount of performance degradation you get... it would be SOOO small.
I would install AD in an environment of 3 machines. Two machines I would need to think about. As for a performance difference, you could run it on a PIII, 128 MB RAM under Windows 2003. The only downside I see is that it will add to the boot time of your server.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.