AD or no AD 6

iolair

IS-IT--Management
Oct 28, 2002
965
US
I'm sure this has been asked before, so please don't flame me. I've looked at Microsoft's website, and have searched the FAQs and Forum questions on this forum and the W2K forum. I haven't found a satisfactory answer.

I have a small LAN (50 users, 10 printers). We have been told by upper management to convert to an all-Windows network. We currently use file services, print services, backup services, anti-virus services, and use a login script to map users' drives.

We have studied our situation and think we can get by with three servers, so that one server will be file, print, and backup. One server will be anti-virus and network monitoring, and one server will be for internal webservices.
Our email is hosted by someone else.

My question is this: with such few servers and users, would we be better off NOT using AD, since we would only have to enter a user's account on three servers? How much of an impact on server performance does AD have? Is it a memory hog? Disk hog? Would there be any benefit to using AD on such a small LAN?

Thanks

Iolair MacWalter
Director of IT
 
Go with AD, without question. AD impact in such an environment is minimal, and will be so much easier to administer than not.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
Unless I'm mistaken, you're coming off of Netware, and are used to the ease of administration it offers. You will definitely want AD, if only for GPOs. Without it there is almost no administrative control.


"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 
Thank you. Yes, LawnBoy, having to leave Netware, which I hate to do. Netware has been good to me for almost 20 years.

Davetoo, I assume AD doesn't hit the memory or disk hard in this scenario. Would you make all three servers a DC, or would you just do two of them for redundancy?

Thanks again.

Iolair MacWalter
Director of IT
 
For 50 users you are still in the sweet spot of Small Business Server (SBS) with still a little growth. SBS allows up to 75 users and can be the only DC in your network. You can have member servers to act as file/print/anti-virus/etc..., but to steal a quote "there can be only one" active directory domain controller and that's the SBS server alone. If you don't have a good understanding of Windows networks, then SBS is also good due to the wizards. Just remember... SBS, do everything in wizards or you might break something.

Now not to take away from Pat on the SBS point; however, Windows 2003 R2 Standard is less expensive than SBS due to the fact that SBS Standard includes the Windows 2003 R2 OS, Exchange 2003, and some other minor applications. SBS Premium has everything SBS Standard has plus ISA 2004 (firewall), and SQL 2005 Workgroup Ed.

So it boils down to ease of use and added application servers (SBS with the wizards), or just regular Windows Standard OS only, a little cheaper and the ability to have more than one domain controller for redundancy.

If you feel this will be the only site, you won't grow your numbers too much over 50, and you have even the twinkling of an idea to bring email in house, then I would go with Pat's suggestion. Just make sure you build out your server to handle your OS functionality, and email/SQL functionality if you think you will house those processes on the same box...(I think you can install those processes on other member server boxes now with R2 of SBS).

Also take into account that if you do go with SBS, many anti-virus and backup software manufacturers have special versions for SBS and Small/Medium Business.

Hope I could assist a little more.
 
Agree with Davetoo and Lawnboy, you NEED to go with Active Directory. Tread VERY slowly with GPOs until you understand the consequences of screwing up policies. Trust me, if you make many policy changes, and things go wrong (and they will), you will really screw things up, trying to correct the issues.

I have benchmarked a raid server, set up as a workgroup and then as a FSMO DC, there is NO difference in the disk benchmarks, no memory hit unless you go with less than 2 Gig. Obviously if fifty users login at 9 am, at the same exact time, yes, AD will take some resources. If you had 1000-2000 users, then AD will have an effect on server performance, at all times.
I miss Netware also, used it from 1983, but Windows is fun, and has plenty of toys.

Suggest you get Mark Minasi's Mastering Windows Server 2003 by Sybex
No Microsoft nonsense, in depth coverage of AD. Mark is one of the most knowledgeable, and one of the best technical writers. The Active Directory bible to get.
Regretfully you will need to read it cover to cover (1676 pages). DNS, a critical area, is nicely covered.

To give you an idea what a fast server, with a fast raid setup can handle (mostly with raid 1 for OS, raid 5 for data)...

On a number of my clients (most 75 or less users), the FSMO DC will handle running SQL, Dynamics 9.0, Symantec 9.0 CE, MS Word, Raid management software, Veritas backup, UPS software, plus other software, and ALL the management tools for AD... easily.
The servers are used as file servers, I do not like to place print services on AD FSMOs particularly. All the FSMOs run DNS, DHCP, WINS, Terminal services (for admin mode) services. No performance issues, plenty of speed.
Under no circumstances would I run IIS on a FSMO; will run it on a DC for WSUS. I only allow tested software, and only the bare minimum, no demos, no test software, no esoteric software for running DVDs, games, little used programs, etc....the bare essentials.



........................................
Chernobyl disaster..a must see pictorial
 
cajuntank said:
can be the only DC in your network.

That's completely untrue. You can have as many DC/GC servers in your environment as you want. There is NO limit in SBS for that. SBS, however, must be the holder of all FSMO roles.

Pat Richard
Microsoft Exchange MVP
 
I think he was referring to the query as to how many DC's were needed...the SBS "can be" the only one if the OP would like.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
I can not thank all of you enough for this great information. You all deserve a raise today. I just got Minasi's book, you're right, it's huge, but it's good, the little bits that I've read. Now, to build a test server in the lab...............

Thanks again very much.

Iolair MacWalter
Director of IT
 
My mistake Pat. I should have said only one domain and not said domain controller.
Ok...no more mistakes for the year... yeah right ;-)
 
Iolair...

As to server hardware, get decent disks and hardware controllers; do not even consider OS based raid. Raid 1 for the OS for safety, especially the FSMO, particularly if you have resident programs such as SQL with open files. An Active Directory restore is scary the first time around, piecing back programs with open files, even with a TBU, is a royal pain.

I find it handy to create a running diary in notepad, saved to the desktop (and copied over to another machine), of all changes made to the server, especially GPO, registry changes...a year down the line you will forget or another tech will not be aware of them. Print screening all DNS, DHCP, WINS, etc. properties pages to a word processor can save quite a bit of time in the future.

"Now, to build a test server in the lab..............."
Best way to learn, heed Mark's advice, create your DNS first, check for errors then DCpromo. Download the Windows resource kit.. run the two main tools for initial AD setup, DcDiag and NetDiag.

Lastly, Windows lacks "delete inhibit" and a decent "Salvage" and it looks like MS will never get it, look into Executive software's "Undelete", far superior than System Restore for file restoration.


........................................
Chernobyl disaster..a must see pictorial
 
also check out abe (access based enumeration)
get the box as netware'd as possible
 
Sorry CajunTank - there is one more mistake..

Windows 2003 R2 Standard is less expensive than SBS due to the fact that SBS Standard includes the Windows 2003 R2 OS, Exchange 2003, and some other minor applications.

This is not true. SBS in a volume license version with Software Assurance can cost under $700 (I just got it for a client from Dell). I didn't get a quote on Standard Server, but to compare apples to apples, reference these two Newegg links:
SBS 2003 R2 Standard: $480

Server 2003 R2 Standard: $885

That said, you might also want to take a cursory glance at my page of SBS links and information:

And I completely agree... DEFINITELY go with a domain. Frankly, I'd rather have a domain than a workgroup in almost any environment. (I will admit, I've never worked with Netware and only have a basic understanding of how things were done).
 
LW....
You would have liked Novell...a good fast/secure/stable OS, with a working AD structure before Microsoft barely had a server OS. Shame, the idiots at Novell management gave the market to Microsoft..they were too busy playing golf.


........................................
Chernobyl disaster..a must see pictorial
 
Sorry LWComputingMVP but I will have to differ. As you state comparing apples to apples (list prices, non SA)

Windows SBS 2003 R2 Standard Server w/ 5 CALs $521.00
Windows SBS 2003 R2 Standard CAL 5 CALs $461.00
Windows SBS 2003 R2 Standard CAL 20 CALs $1841.00
Windows SBS 2003 R2 Standard CAL 20 CALs $1841.00
Subtotal $4664.00

Windows Server 2003 R2 Standard Server License $719.00
Windows Server 2003 R2 Standard CAL $29.00 x 50
Windows Server 2003 R2 Standard Media $27.00
Subtotal $2196.00

The original question did state that he had 50 users, so while the initial server license is cheaper for SBS, the per cal charge getting the count up to his desired 50 will cost him an extra $2500.00 give or take.

So I'm still at 1 mistake for the year... ;-)
 
Ok - I'll call it a draw.

Your comment originally made no mention of CALs - just of the server components. ;-)
 
Thanks again for all your help. Yes, I do have hardware level RAID, and am using redundant power supplies and NICs. I've started setting up a lab server, but it looks like it will take some time to learn where all the GPO, Domain Controller Policy, Domain Policy, Server Policy, etc. all lives and what each one does. And which ones cancel out which other ones, etc. Probably way more control than I need, but, I guess you can finely tune your environment. Too bad there's not a good login script to map those drives. Oh, it looks like auditing events is a lot easier in Windows. Is that true?

Iolair MacWalter
Director of IT
 