Recommended replacement for Windows AD?

I'm looking for ideas. Given Microsoft's direction lately toward cloud, away from Small Business, toward built-in data mining, our pension fund office is thinking about moving away from SBS/Windows AD to something different like Mac or Linux. If we did something like that, are there ways to reproduce the AD functionality? I can certainly see this as doable on internal workstations, but what about duplicating the Remote Desktop functionality for home-login?

All ideas welcome and worth points!
jmarkfoley Asked:

Lee W, MVP, Technology and Business Process Advisor Commented:
Check out the Linux Terminal Server Project for remote desktop server functionality. Samba for Active Directory (it's roughly equivalent to AD on 2003 in its newest release).

There's also complete small business packages like Zentyal.

But keep in mind, while Linux is free of licensing fees, $upport can often cost more than a Microsoft license on an annual basis. And then you have to worry about the learning curve for you and your users. And implementation time. There can be a LOT of hidden, not thought of but VERY REAL costs. And personally, I find much of the Linux community disinclined to help... With responses often being RTFM (read the freakin manual). I also find the man pages for commands less useful than most of the equivalents in Windows.

Analyze your costs for switching platforms - to any platform - carefully and intelligently. Yes, Microsoft is going cloud happy but they still make on-premises offerings.
rindi Commented:
As already has been mentioned above, Zentyal is what I would recommend. It works very well, and uses a modular setup approach, so you can select what you want your server(s) to provide and what not. Its Samba/LDAP modules provide AD server compatibility, it also includes an OpenChange module which provides an Exchange server clone, and many more. It is very easy to set up, and for the same type of functionality as the m$ equivalent, the servers need far less powerful hardware.

The Development edition, which is the community edition, is free, while there is also a commercial edition. The main difference between the two is that with the commercial edition you get support, while with the free edition you have to rely on their forums.

http://zentyal.org
Sanga Collins, Systems Admin Commented:
Zentyal is the way to go. I migrated all my Windows AD to Zentyal when it was still version 2.x back in 2011. They have made huge leaps and bounds since then, including Exchange integration.

I no longer consider Windows at all when needing an AD backend unless a customer specifically needs to run a program on a Windows server. For services like QuickBooks, I install a Windows Server 2003 virtual machine in VirtualBox and block it from the web and that works perfectly.
jmarkfoley (Author) Commented:
Thanks for the feedback so far. In fact, we have partially migrated already. Given that Microsoft's SBS product has been dropped and its replacement, Server Essentials, does not support Exchange, we did migrate to Samba4 from SBS 2008 for AD/DC about 7 months ago and have had few issues and much easier monitoring and logging of potential security problems. I did explore OpenChange and Zentyal about a year ago, but perhaps Zentyal should be revisited. However, we decided to go the IMAP route instead of Exchange (or Exchange clone) and that has worked out just fine. Given that, maybe Zentyal is moot at this point.

Also, we are in the process of downgrading from Office 2013 back to Office 2010. If interested, see my comments on why here: http://www.experts-exchange.com/questions/28715146/More-Office-2013-woes-message-sent-within-Word-going-to-wrong-Sent-folder.html#a41005348.

In general, server-side isn't really my immediate concern ...

Now, given Windows 10's default settings to snarf as much personal data as possible from your computer, a la Facebook and Google, and this being a very security-conscious office, I am considering moving the workstations to something else like Mac or Linux/Ubuntu. Mac provides corporate support and a large user base, and a corporation that currently assures us it's not after our personal data (Tim Cook, EPIC’s Champions of Freedom: http://techcrunch.com/2015/06/02/apples-tim-cook-delivers-blistering-speech-on-encryption-privacy/#.c3bzxc:kVGu). Advantages of Linux are cost, potential dual-boot back to Windows and the ability to construct desktops that can look/act either like Mac or Windows, depending on the user's religious preferences.

What I'm not sure about is reproducing the whole "roving domain profile" thing whereby a user can log on to any workstation in the domain and get his/her desktop and settings, and in particular doing the same from home (probably from a Windows or Mac home computer). On the workstations, we can use eM Client or the like, and e.g. LibreOffice as MS Office replacements (recommendations?), but the domain profile thing is a pretty nice Microsoft feature.

Lee W, MVP, does your mentioned "Linux terminal server project" address this? Are there other ideas on providing this functionality in the Mac/Linux world?

Sanga Collins, good comment on your QuickBooks solution. We use QuickBooks as well.
jmarkfoley (Author) Commented:
Here's what I've done. I'm not using LTSP - too much burden on the server. Instead, I've staged Ubuntu workstations and have configured them to use Active Directory authentication and autofs. This duplicates my Windows workstation setup almost exactly. In fact, I've set the autofs to mount the AD user's ADserver:/redirectedFolders/Users/username directory as the home directory and the same Desktop appears on the Ubuntu desktop as appears on the Windows 7 desktop! All seems to work fine!
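An added illustration of the autofs arrangement described in the post above (not jmarkfoley's actual configuration, which the post does not show). It assumes the share is reached over SMB/CIFS with cifs-utils installed and that users obtain a Kerberos ticket at login; the mount root /home/EXAMPLE and both file names are placeholders, and only the server and path names come from the post.

```conf
# /etc/auto.master.d/adhome.autofs  (file name and mount root are assumptions)
/home/EXAMPLE  /etc/auto.adhome  --timeout=300

# /etc/auto.adhome  (assumed map file name)
# Weaker pattern, shown for contrast: one stored service credential mounts
# every user's folder, so the credentials file becomes a key to all homes.
#*  -fstype=cifs,credentials=/etc/cifs-homes.cred  ://ADserver/redirectedFolders/Users/&

# Per-user Kerberos mount: "&" is replaced by the directory name autofs was
# asked for (the login name), $UID/$GID are the requesting user's IDs, and
# cruid tells the CIFS helper whose ticket cache to use. No password is
# stored on the workstation.
*  -fstype=cifs,sec=krb5,cruid=$UID,uid=$UID,gid=$GID,file_mode=0600,dir_mode=0700  ://ADserver/redirectedFolders/Users/&
```

For the wildcard key to match, the home directory the workstation resolves for an AD account has to be /home/EXAMPLE/ followed by the login name.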

jmarkfoley (Author) Commented:
My solution is what I did. Points all 'round for "playing".