Active Directory Overkill?

[Mr Pickles]

Hey There,

I'm setting up an office. They currently have three users, an all in one, and a Dell Server running Win2k3 Standard. Would it be overkill if I installed AD on the server and created a domain or do you think it will be better for them overall? I was thinking about building out a workgroup for them just so they can have a shared file on the directory and check scanned docs.

What do you think? AD or Workgroup?

 

[Nothinman]

AD isn't a big deal and having proper DHCP and DNS is worth it by itself IMO. But why didn't they get SBS instead of straight Win2K3?

 

[RebateMonger]

Active Directory is never overkill.

Assuming it's set up correctly, it'll make it much easier to provide secure access to computers and files. I've had cases where something that'd take five minutes with AD takes hours to complete with a workgroup.

And, yeah, assuming they had to pay for their software, SBS 2003 Standard Edition would have saved a lot of time and money, and DNS, DHCP, Remote Access, Backups, and server monitoring would have been set up automatically and correctly.

 

[Mr Pickles]

Thanks for the replies. They bought the server that came with win2k3r2 and then called me.

 

[TheKub]

Centralized user accounts and group policy are big WINS. Go for it.

 

[dman]

It's all good unless/until the server goes down. Maybe setup a second pc with a virtual image and a backup DC or something. I dunno, I don't deal with SMB space much, maybe having a single DC AD forest is not a big deal?

 

[Nothinman]

I don't deal with SMB space much, maybe having a single DC AD forest is not a big deal?

MS seems to think so since they market SBS as a "one server does everything" product.

 

[RebateMonger]

SBS servers have been very reliable for me. One thing that makes SBS very reliable is that all the commonly-used services are set up by wizards and are done properly. The servers that give me problems are the ones that have been "modified" by owners or administrators.

The built-in server monitoring and built-in automated backups also make maintenance and repair easier. And since they are all, in theory, "identical", it's much easier to diagnose and fix problems. I can compare the status and settings against another SBS server and see what's wrong.

 

[dphantom]

Originally posted by: RebateMonger
SBS servers have been very reliable for me. One thing that makes SBS very reliable is that all the commonly-used services are set up by wizards and are done properly. The servers that give me problems are the ones that have been "modified" by owners or administrators.

The built-in server monitoring and built-in automated backups also make maintenance and repair easier. And since they are all, in theory, "identical", it's much easier to diagnose and fix problems. I can compare the status and settings against another SBS server and see what's wrong.

Exactly. The only issues I have ever had with SBS servers are where mods have been made and I have had to undo/figure out what was changed. Use the wizards, and an SBS server can be setup in no time and correctly.

 

[Slowlearner]

For the small number of users, if you already have Window 2003 server, go with a workgroup - its quite painless - do make sure people understand what are and are not good computer usage practices in an work environment. Also ensure that a reasonably good av software is running on all pcs, and set up to scan daily on the server. Email/web hosting should be outsourced.

If there are people likely to fool around, and install this or that AD is the way to go.

I have never been impressed with SBS 2003, which like most what people in Redmond dream up is a mish mash of this and that with no clear advantages.

 

[RebateMonger]

Originally posted by: Slowlearner
I have never been impressed with SBS 2003, which like most what people in Redmond dream up is a mish mash of this and that with no clear advantages.

Which of the ingredients of SBS are the mish-mash part?

Remote Access?
Automatic Backups and Backup Monitoring?
Automatic Monitoring of Server Health?
Exchange Mail Server?
DNS Server?
DHCP Server?
Active Directory?
Pre-built SharePoint Data Sharing Site?

--- All set up automatically and correctly ---

You don't see how giving this to a company for $450, saving a couple of thousand dollars in licensing fees over buying the software separately, isn't a "clear advantage"?

 

[kevnich2]

For a small business, SBS 2003 is the way to go. It's easy to setup, maintain & administer and includes all the products of the big boy OS's in a much more economical price especially for SMB's

 

[Nothinman]

Which of the ingredients of SBS are the mish-mash part?

I always thought it was funny because doesn't MS recommend that Exchange get it's own server and never be installed on a DC? And then they go and release a product in just that configuration.

 

[TheKub]

Originally posted by: Nothinman
I always thought it was funny because doesn't MS recommend that Exchange get it's own server and never be installed on a DC? And then they go and release a product in just that configuration.

A server designed for 20-40 people has different recommendations than an enterprise installation servicing several hundreds (or thousands) of users.

 

[Nothinman]

A server designed for 20-40 people has different recommendations than an enterprise installation servicing several hundreds (or thousands) of users.

But it still doesn't make much sense. DNS, DHCP, auth, etc are all extremely low resource services. Hell of the 3 listed only 1 is going to see consistent use throughout the day in most places and with DNS caching in the Windows client that should be pretty low as well.

 

[drebo]

It looks like the OP is talking about a server with Win 2k3 R2 Standard, not SBS, anyway, so it's a non-issue.

A network is never too small for AD. AD can be as simple or as complicated as you want it to be. If the company already has the software (Win 2k3), why not set it up? At the very least, you can use it for centralized user management, which is more than enough reason to use it anyway. If the server was shipped with Win 2k3 on it, and has an OEM sticker, then it also includes 5 CALs...so, no extra licensing needed to set it up even.

 

[Slowlearner]

As I said if your users are likely to fool around with their pcs, AD is the way to go.

For 5 users or less, with SBS all you get is Server 2003 and Exchange Server in its basic configuration. So an outfit with 5 users is expected to host their email in house, when its quite possible they do not have minimum safeguards in place. As soon you add the sixth user, things start to look very different and whole lot more expensive - 5 addl CAls cost a whole lot more than CALs for Server 2003.

I had a branch office with eight users, and with everything I had heard went and purchased a server +SBS 2003. Then I discovered I had to have AD so no more windows98/XP home etc -like it or not - I already had email/web hosting with our telecom provider for like 10$/month - forced me to upgrade the OS in all our pcs at that office with zero improvement in anything else. The only thing I have to commend SBS 2003 is that it was easy to install on a HP ML1210 (<<server) and it quickly found chipset updates etc on its own, and its fire wall is effective. As for any other benefits - zero zilch none - repeat zero zilch none - all the other benefits Rebate Monger touts can be done at no cost using open source or free ware software or better with good hardware (router/switch).

I am sorry to report that Server 2003 is quite capable as SBS 2003 for most small businesses.

 

[drebo]

There's no such thing as an HP ML1210, and all versions of MS Windows Server are easy to install on all HP ProLiant servers because of SmartStart.

And any technician worth his salt would not let a company host their own email unless he made sure that it was properly set up, which includes any safeguards which may need to be applied.

If you don't need Exchange, don't get SBS. However, SBS 2003 is cheaper than Server 2003 Standard R2. You don't need to configure the Exchange portion, however, it is useful for more than just email.

Just because you do not have the wherewithal to properly exploit the capabilities it gives you does not mean it is an inherently bad software suite.

 

[RebateMonger]

Originally posted by: Nothinman
I always thought it was funny because doesn't MS recommend that Exchange get it's own server and never be installed on a DC? And then they go and release a product in just that configuration.

MS put a LOT of work into making SBS 2000 and 2003 work. For instance, they modified 2003's Exchange/NTBackup so that Exchange and System State can be backed up with the same backup. That's a no-no with straight Server 2003.

Yes, SBS "violates" some of the "rules". With a single all-purpose server, some compomises are inevitable. If you follow large-corporation rules for security and infrastructure, you'll end up well beyond the financial capabilities of a small company. So you compromise.

Heck, SBS 2000 even allowed Terminal Services clients to log in, which is considered a bad thing. And SBS has Exchange on the Domain Controller. But I've read (and tend to believe it) that there are more total Exchange Servers attached to SBS servers than all the other Exchange Servers in corporate use.

 

[RebateMonger]

Originally posted by: Slowlearner
As I said if your users are likely to fool around with their pcs, AD is the way to go.

For 5 users or less, with SBS all you get is Server 2003 and Exchange Server in its basic configuration. So an outfit with 5 users is expected to host their email in house, when its quite possible they do not have minimum safeguards in place. As soon you add the sixth user, things start to look very different and whole lot more expensive - 5 addl CAls cost a whole lot more than CALs for Server 2003.

I had a branch office with eight users, and with everything I had heard went and purchased a server +SBS 2003. Then I discovered I had to have AD so no more windows98/XP home etc -like it or not - I already had email/web hosting with our telecom provider for like 10$/month - forced me to upgrade the OS in all our pcs at that office with zero improvement in anything else. The only thing I have to commend SBS 2003 is that it was easy to install on a HP ML1210 (<<server) and it quickly found chipset updates etc on its own, and its fire wall is effective. As for any other benefits - zero zilch none - repeat zero zilch none - all the other benefits Rebate Monger touts can be done at no cost using open source or free ware software or better with good hardware (router/switch).

I am sorry to report that Server 2003 is quite capable as SBS 2003 for most small businesses.

Let's see:
1) You don't HAVE to use Exchange. If you want Users to use another mail server, nothing stops you. Leave Exchange as-set-up and have it email the daily performance reports and alerts.
2) I'd never install SBS at a Branch Office because it has to be the Root of its own Domain and can't establish a Trust with any other domain. For a Branch Office, use straight Server 2003 an keep SBS in the main office.
3) You can use SBS in the same office as Windows 98, NT, and XP Home. There's an AD DSClient available for 98 if you need to authenticate to the Server. XP Home, too, can authenticate just fine. I've got several offices with XP Home on some desktops. Exchange email can be accessed just fine by any PC, joined to the domain or not.
But I wouldn't allow a Win98 computer on anybody's network anyway. It's too trouble-prone and too insecure.
4) The original question concerned Windows Server. Adding ANOTHER piece of software (open source or not) just complicates things. If you install a Windows Server, then use it for DHCP and DNS.

 

[ViviTheMage]

Originally posted by: Mr Pickles
Thanks for the replies. They bought the server that came with win2k3r2 and then called me.

sounds like this was their first mistake! They should have talked to you before buying anything.

Set them up with AD, it's nice to have.

 

[Slowlearner]

OP's original question was whether or not to use AD, somehow the discussion veered off to the advantages of SBS 2003 over Server 2003.

My perspective on this is solely as a user. Having dealt with many IT providers, what I have found is that you get a lot of confusing, incomplete, and even inaccurate information. Your chances of finding some one who takes the trouble to really find out what you need, takes time to review all the possibilities, and then present a coherent plan is slim. They are out there but hard to find - referrals from similar businesses is a good place to start.

A small business with a few employees does not "have the wherewithal to properly exploit the capabilities" of any complex software. For such business it is always preferable to keep things simple, as they have many other things to worry about.

 

[Genx87]

It is more simple to have a single account with permissions authenticated via AD than setting up the same account on every workstation and trying to keep the passwords synched.

Once you get past 2 workstations the overhead becomes higher and higher.

 

[sonoma1993]

Originally posted by: RebateMonger
SBS servers have been very reliable for me. One thing that makes SBS very reliable is that all the commonly-used services are set up by wizards and are done properly. The servers that give me problems are the ones that have been "modified" by owners or administrators.

The built-in server monitoring and built-in automated backups also make maintenance and repair easier. And since they are all, in theory, "identical", it's much easier to diagnose and fix problems. I can compare the status and settings against another SBS server and see what's wrong.

When i was playing around with SBS2003 and SBS2008 last year, loved those handy wizards to setup the email account, documents redirections, user quota, remote access and all the different wizards it had to get the server up and running. May it very easy to do and so soomth. With my Linksts DD-WRT 54g with the DD-WRT firmware on it, sbs2003 and sbs2008 detected the router through the router upnp. It setted up the correct ports that needed to be forward to the server for me.

 

[Goosemaster]

Depending on the environment, AD + document redirection policies + mapepd drives are relatively easy to get working at basic levels and, with good backups in place, one can asure that data loss will always be minimal if a workstation should fail, regardless of where that data is created. That right there makes it completely worth it.

With AD you can easily implement technologies such as WSS and remote access since you don't have SBS.