what windows server should I choose for Active directory?
-
@Dashrender said in what windows server should I choose for Active directory?:
@Alan said in what windows server should I choose for Active directory?:
@Dashrender
-most of the Pcs are running windows 7 pro, we have few windows 10 proPlease remind the client that Windows 7 only has 3 more years of support left. Jan 2020 is when MS stops making security updates. Definitely not to early to start looking at the requirements to get away from Windows 7.
Wish I could upvote this more. 3 years doesn't mean wait 3 years then look to move. Start now.
-
@Dashrender You r right, I might not need AD, I'm looking for a solution the will provide some type of management like a single sign-in and user authentication ...etc the company is growing and it should something in place to centralise and manage all the devices/users in the company
-
@Dashrender Upgrading to windows 10 won't be a problem. I haven't thought about it this way but it definitely something to be considered.
-
@Alan said in what windows server should I choose for Active directory?:
@Dashrender You r right, I might not need AD, I'm looking for a solution the will provide some type of management like a single sign-in and user authentication ...etc the company is growing and it should something in place to centralise and manage all the devices/users in the company
Do you need a central administration of the endpoints? You haven't explained the use of the end points, or the applications. Can you go BOYD? Since it sounds like there is currently no centralized PC control mechanism, you're a bit there already.
If you keep deploying applications that have either their own authentication or a shared central one, that can allow you to keep a BOYD type setup.
Of course, even in BOYD, you can deploy management tools for the endpoints as previously mentioned.
-
@Alan said in what windows server should I choose for Active directory?:
@Dashrender Upgrading to windows 10 won't be a problem. I haven't thought about it this way but it definitely something to be considered.
We tested and upgraded all available machines to Windows 10 before the official end date for the free upgrade. I'm not sure if you can still get the free upgrades or not, only testing will tell. Good luck in any case.
-
@Alan 2012 r2 is the current standard here (and my preference), but it is up to you to decide how to move forward with your own implementation. If you're building an AD infrastructure, you really shouldn't have to ask this kind of question, especially if you've been hired as a SysAdmin. Honestly, asking this kind of question makes me wonder about your experience in IT.
-
@Grey This is my first IT job and started as a part-time help desk and part-time network tech . I don't have the experience but I do have a good background as I graduated with a computer engineering degree and got Cisco certs!
but this is my first step on getting experience -
@Alan said in what windows server should I choose for Active directory?:
@Grey This is my first IT job and started as a part-time help desk and part-time network tech . I don't have the experience but I do have a good background as I graduated with a computer engineering degree and got Cisco certs!
but this is my first step on getting experienceHave you setup an AD before?
-
I want to create an IT department and start organising all the mess! I already implement Spiceworks as our ticketing system. start organising all the documents and creating an admin login for each machine...etc
-
@Dashrender no I didn't, but I did create a lab for the purpose
-
@Alan said in what windows server should I choose for Active directory?:
I want to create an IT department and start organising all the mess! I already implement Spiceworks as our ticketing system. start organising all the documents and creating an admin login for each machine...etc
You don't need an individual admin login for each system when you have AD.
You'd get this from the computers being on the domain and setting up proper security groups and permission sets.
What do you plan to do when you join these computers to the domain, and everyones files are missing? - Because they are logged into a new user profile - not that the files actually are missing, but are no longer accessible.
-
@DustinB3403 I know that I'dnot need an admin account when I have AD but I did it because I don't have an AD yet. not sure what would be the best solution. but I can backup every machine and wipe it off just before adding it to the domain and then restore all the data!
@DustinB3403 said in what windows server should I choose for Active directory?:
@Alan said in what windows server should I choose for Active directory?:
I want to create an IT department and start organising all the mess! I already implement Spiceworks as our ticketing system. start organising all the documents and creating an admin login for each machine...etc
You don't need an individual admin login for each system when you have AD.
You'd get this from the computers being on the domain and setting up proper security groups and permission sets.
What do you plan to do when you join these computers to the domain, and everyones files are missing? - Because they are logged into a new user profile - not that the files actually are missing, but are no longer accessible.
-
You need to decide if you are going to approach this from a BOYD type setup or from a total lockdown setup.
In the case of BOYD, you protect your data/applications from the PC - i.e. the apps don't run locally, therefore there is no local data, and you really don't care about the endpoint.
For total lockdown, well, then you have to control the whole thing. You're at a good point right now to make this decision.. heck, you're just a half step off a greenfield setup considering what you've told us so far.
Don't lock yourself into old school thinking that Windows and AD are required. I visited DropBox corporate office last year... no AD running there, and they have thousands of computers.
-
Well my question was more how do you plan to migrate users over to their new AD profiles. What happens when a computer has a user, let's say Bob Dole.
Bob Dole logs into the computer as bdole.
So under
c:\usersthere is a folder namedbdolewhen you join this computer to the domain, the local user account bdole won't login by default any longer.Instead it might be
[email protected]and this user profile gets a new folder underc:\users. Which this new folder will bec:\users\[email protected]and has no account items that the local user account had.No email, no my documents etc.
Backing up the entire computer or user data is a way to copy over files, but they would then have to be restored. Doing that for the 120 people will take an incredible effort to complete quickly.
@Alan said in what windows server should I choose for Active directory?:
@DustinB3403 I know that I'dnot need an admin account when I have AD but I did it because I don't have an AD yet. not sure what would be the best solution. but I can backup every machine and wipe it off just before adding it to the domain and then restore all the data!
-
File and settings wizard can solve the profile issue. Its on the install media of Windows 10, pretty sure it was there in WIn7 too.
-
@Dashrender said in what windows server should I choose for Active directory?:
File and settings wizard can solve the profile issue. Its on the install media of Windows 10, pretty sure it was there in WIn7 too.
It can pull over files, but not all of their customization's. I thought Windows 10 removed this as well... maybe just for certain levels of the OS.
-
I'm very late. But unless you have a very good, strong reason to not use the latest version, you always use the latest.
-
@Dashrender said in what windows server should I choose for Active directory?:
You need to decide if you are going to approach this from a BOYD type setup or from a total lockdown setup.
In the case of BOYD, you protect your data/applications from the PC - i.e. the apps don't run locally, therefore there is no local data, and you really don't care about the endpoint.
For total lockdown, well, then you have to control the whole thing. You're at a good point right now to make this decision.. heck, you're just a half step off a greenfield setup considering what you've told us so far.
Don't lock yourself into old school thinking that Windows and AD are required. I visited DropBox corporate office last year... no AD running there, and they have thousands of computers.
BOYD setup is what we have been using. the only issue with it is that we own all the devices. and we want a way to control and manage those devices. I'm not tied to AD Idea. what I want is some type of a system that will allow me to secure, manage and limit the access on some computers or from some users!
with the company getting biger a some sort of system should be in place! -
This is a handy tool for migrating profiles:
http://www.forensit.com/domain-migration.html -
@DustinB3403 said in what windows server should I choose for Active directory?:
@Dashrender said in what windows server should I choose for Active directory?:
File and settings wizard can solve the profile issue. Its on the install media of Windows 10, pretty sure it was there in WIn7 too.
It can pull over files, but not all of their customization's. I thought Windows 10 removed this as well... maybe just for certain levels of the OS.
I know someone who used this on Windows 10, they swore by it. files and settings. Of course setting might not be perfect for non Windows type things (i.e. third party apps), but it can be tweaked.
