Marshall Kass
asked on
Server 2008 R2 Standalone vs. Active Directory - what are the benefits
What are the pros vs. Cons of Server 2008 running as a file server as a standalone server as opposed to installing and configuring AD and also file services. Does one run faster that the other? How many users would be realistically required to install and configure AD on a server in a small office envoirnment? I am setting up a small network, 10 users with a potential of 20 down the line. I have good hardware but I am trying to decide if it is worth the additional effort to install AD services on this server or run it as a standalone. I cannot seem to find any info that says one is better than the other for performance purposes and I am interested in finding out what the pros and cons are one, vs. the other.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
I NEVER setup workgroups. If you have a server, in my opinion there's no point to NOT having a Domain. The added effort is MINIMAL and it provides for so much easier management.
ASKER
Thank you both. I have set up a lot of domains, however when there is an issue, usually down the road, transferring the domain or resetting all the PCs or even setting up a "temproary" server takes a long time and then we usually end up having to rejoin the workstations at some time due to the creation of a new AD server. Just wondering if there is any real benefits for a small network.
I will read the article and get back to you both shortly.
I will read the article and get back to you both shortly.
If you have a Workgroup, you CANNOT transfer user accounts to a new server. You cannot transfer permissions to a new server. If a user wants to use another PC, they have to have an account setup. Remotely managing machines becomes a headache in a workgroup. Connecting to shared resources can be a HUGE PITA without matching user accounts and passwords and maintaining that is a headache.
I don't understand what issues or what problems you're facing. I cannot recall an instance where I had a serious problem with a properly setup server. I've seen problems with servers that were NOT properly setup, especially SBS servers, but not standard servers. I've seen problems when people don't back things up. Or when people screw up DNS settings or try to modify the DEFAULT group policies rather than create new ones. But if you take a conservative approach to management of the domain, there shouldn't be a problem... ever. At least in 99% of the installations.
Which reminds me - you already have the server? If not, you should be buying SBS 2011 Essentials - it's designed for small networks of up to 25 users. It costs about half the price of standard server, doesn't require CALs, has a wizard driven interface, provides Remote Access features not available on standard server, and includes workstation backup as a standard feature, again, not available on standard server. It REQUIRES that it's a Domain Controller.
I don't understand what issues or what problems you're facing. I cannot recall an instance where I had a serious problem with a properly setup server. I've seen problems with servers that were NOT properly setup, especially SBS servers, but not standard servers. I've seen problems when people don't back things up. Or when people screw up DNS settings or try to modify the DEFAULT group policies rather than create new ones. But if you take a conservative approach to management of the domain, there shouldn't be a problem... ever. At least in 99% of the installations.
Which reminds me - you already have the server? If not, you should be buying SBS 2011 Essentials - it's designed for small networks of up to 25 users. It costs about half the price of standard server, doesn't require CALs, has a wizard driven interface, provides Remote Access features not available on standard server, and includes workstation backup as a standard feature, again, not available on standard server. It REQUIRES that it's a Domain Controller.
ASKER
I have 2008 Server Standard. The issues I have faced are with old servers (2003) that have crashed or had a catestrophic failure. As these are small businesses there are usually no backup servers so if the domain server crashes, we have to reconnect the workstations to a newly created AD. In twenty years I have never lost a DC through software issues (actually I did lose one - it was a 2000 Server and a MS update corrupted the AD. Sixteen hours later, with Microsoft's help, we decided that it would be more expidient to replace rebuild from scratch rather than recover the exisiting AD.)
2011 SBS is more than we need as they do not want to manage exchange, sharepoint, etc. They need a fileserver only.
2011 SBS is more than we need as they do not want to manage exchange, sharepoint, etc. They need a fileserver only.
I didn't say SBS 2011 Standard - I Said SBS 2011 Essentials - Essentials doesn't include Exchange and doesn't require CALs and is cheaper than server.
But this business already spent the money on a standard edition of Server, so no point in arguing this - though I would suggest you keep in mind these options next time an upgrade is to be done. Microsoft has done a nice job (if sometimes confusing) in catering to small businesses.
In the catastrophic failures you've had did you have no backups? I don't mean other domain controllers - I mean BACKUPS - so that if you had a catastrophic failure, you take your backup and restore? Like the traditional Tape backup or another backup that may backup to disk or use a BDR device? In single domain controller environments, it is fairly easy to restore a DC if something failed. It's far more complicated in multi-DC environments. Further, such a failure really shouldn't occur often if at all. All servers should have RAID 1 or 5 (I vastly prefer RAID 1) and be NAME BRAND servers under warranty.
But this business already spent the money on a standard edition of Server, so no point in arguing this - though I would suggest you keep in mind these options next time an upgrade is to be done. Microsoft has done a nice job (if sometimes confusing) in catering to small businesses.
In the catastrophic failures you've had did you have no backups? I don't mean other domain controllers - I mean BACKUPS - so that if you had a catastrophic failure, you take your backup and restore? Like the traditional Tape backup or another backup that may backup to disk or use a BDR device? In single domain controller environments, it is fairly easy to restore a DC if something failed. It's far more complicated in multi-DC environments. Further, such a failure really shouldn't occur often if at all. All servers should have RAID 1 or 5 (I vastly prefer RAID 1) and be NAME BRAND servers under warranty.
ASKER
Leew: In the small business environment we sometimes take on existing networks to manage. A tape backup or external USB device of a 5 year old homegrown server is not always a viable backup if you have to replace a machine with dissimilar hardware. I have never allowed DATA to go missing, but in a very small environment there are a LOT of budgetary considerations. These sometime do not allow for simple things like higher-end backup software or name-brands servers with complete warranties.
Also, all my newer servers have at least RAID 1 or 5 (an I actually prefer RAID 1+0 plus a spare) which is how I configure all my DELL servers. Again, I appreciate best practices but sometimes there are compelling reasons for skimping and those are usually based on $$$.
Insofar as SBS 2011 Essentials, I thank you for that info. As you mentioned, MS is sometimes a bit confusing and as I am not a real fan of SBS I overlooked the intro of the essential version as I thought (it being the same name and all) that it was just another release of SBS. I am a big fan of Hosted Exchange as that frees up a simple server for file sharing and doesn't require a lot of resources for security as does an outward facing exchange.
Also, all my newer servers have at least RAID 1 or 5 (an I actually prefer RAID 1+0 plus a spare) which is how I configure all my DELL servers. Again, I appreciate best practices but sometimes there are compelling reasons for skimping and those are usually based on $$$.
Insofar as SBS 2011 Essentials, I thank you for that info. As you mentioned, MS is sometimes a bit confusing and as I am not a real fan of SBS I overlooked the intro of the essential version as I thought (it being the same name and all) that it was just another release of SBS. I am a big fan of Hosted Exchange as that frees up a simple server for file sharing and doesn't require a lot of resources for security as does an outward facing exchange.
MarshalK,
I'm an active member of a consulting group somewhat misnamed in New York that focuses on small businesses. Many of the members have clients of 15 users or less and most seem to think 25 or more is too large for them. I "grew up", IT speaking, managing the Windows systems in a 1000 user network and for the past 7 years have done nothing but small businesses between 1 and 60 users.
Most of my clients refuse to purchase a BDR and pay the monthly fee associated with it, but many in the group DO buy them. IN MY OPINION, there's no reason you shouldn't be backing up the entire system. An external hard drive is CHEAP (well, it was, at least until the flooding in Thailand). And there are other options. And today with virtualization, you never need to worry about hardware differences. I'm moving towards ONLY installing servers in VMs - the performance hit for a small business is negligible and the benefits of hardware abstraction and being able to move the server are immense. I also do not buy Windows Server OEM versions EXCEPT for systems that require it (Foundation Edition is only available through OEM). The price difference is really minimal to get a volume license - which eases license management and provides the needed rights for BDR solutions and and later migration to different hardware if necessary.
Put simply, EVERYONE is $$$ concerned - but when it's made clear how failing to use redundancies (and I'm not necessarily talking about BDRs or second DCs) can cost them far more in the long run, the client usually spends the extra few dollars (not thousands in most cases, hundreds).
Lastly, and make no mistake, I would consider this a poorly build network and not think very highly of the person who implemented it, you COULD make the machine a DC and simply not join the machines to the domain. In both workgroup and domain mode, you have what amounts to a "local" user database on a single server. attaching the clients as if it were a workgroup should work just fine. the one benefit of doing it this way is you are able to preserve user accounts and permissions as you upgrade the server at a later date.
I'm an active member of a consulting group somewhat misnamed in New York that focuses on small businesses. Many of the members have clients of 15 users or less and most seem to think 25 or more is too large for them. I "grew up", IT speaking, managing the Windows systems in a 1000 user network and for the past 7 years have done nothing but small businesses between 1 and 60 users.
Most of my clients refuse to purchase a BDR and pay the monthly fee associated with it, but many in the group DO buy them. IN MY OPINION, there's no reason you shouldn't be backing up the entire system. An external hard drive is CHEAP (well, it was, at least until the flooding in Thailand). And there are other options. And today with virtualization, you never need to worry about hardware differences. I'm moving towards ONLY installing servers in VMs - the performance hit for a small business is negligible and the benefits of hardware abstraction and being able to move the server are immense. I also do not buy Windows Server OEM versions EXCEPT for systems that require it (Foundation Edition is only available through OEM). The price difference is really minimal to get a volume license - which eases license management and provides the needed rights for BDR solutions and and later migration to different hardware if necessary.
Put simply, EVERYONE is $$$ concerned - but when it's made clear how failing to use redundancies (and I'm not necessarily talking about BDRs or second DCs) can cost them far more in the long run, the client usually spends the extra few dollars (not thousands in most cases, hundreds).
Lastly, and make no mistake, I would consider this a poorly build network and not think very highly of the person who implemented it, you COULD make the machine a DC and simply not join the machines to the domain. In both workgroup and domain mode, you have what amounts to a "local" user database on a single server. attaching the clients as if it were a workgroup should work just fine. the one benefit of doing it this way is you are able to preserve user accounts and permissions as you upgrade the server at a later date.
ASKER
I appreciate the insight and I agree with many of your points and implement them in my newer networks, however the original question was regarding the pros and cons of running SERVER 2008 as a standalone or with AD and what the differences are (performance wise, if any) of one over the other.
I know and understand about user management in AD and I employ it more often than not. I have a few smaller networks with foundation using the server simply for home files and smaller data requirements (they are all in the clouds for their major apps).
Again, I was wondering if there is a substantial performance difference between two identical servers in identical environments, one running as a standalone, one with AD. Is one empirically faster then the other? Does AD add overhead that a standalone setup does not and if so, is that noticeable difference?
I know and understand about user management in AD and I employ it more often than not. I have a few smaller networks with foundation using the server simply for home files and smaller data requirements (they are all in the clouds for their major apps).
Again, I was wondering if there is a substantial performance difference between two identical servers in identical environments, one running as a standalone, one with AD. Is one empirically faster then the other? Does AD add overhead that a standalone setup does not and if so, is that noticeable difference?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.