Why bother with a domain?

[johnisotank]

Hi All,

I am looking for some information on why a company would implement a domain. Every time an IT specialist visits our site, upon finding out that we are using workgroups instead of a domain, they cannot believe it and insist we move onto one.

We have 10 depots across the UK with about 75 users in total.

We've had prices from some companies in the range of £5K for a full weekend of work and they admit that there will be a lot of disruption.

Weighing up the pros and cons as I see it, it doesn't seem worth it.

Pros:
1. Administering PC's will be easier (I won't have to get out of my chair as much)
2. People can switch to another desk and log in to 'their own PC'
3. More security.

Cons:
1. Costly to pay someone to set up
2. Will distrupt peoples work - possibly preventing them accessing data for a day or two
3. If domain controller goes down, people are screwed.

For the Pro's, 1+2 aren't a big issue to us but we would all like more security.

If I give my boss these benefits, he will tell me to p*ss off and so would I if I was him but am I missing anything?

Maybe I am missing some huge benefit but would like some help please.

thanks
John

 

[58sniper]

I disagree with the disruption being a day or two. Properly implemented, there should be only minor issues.

As for the issue with a domain controller going down, that's why you use two (or more).

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[itsp1965]

A long time ago I used to think in the same way as I came from Novell/Windows enviornment. As soon as I started getting more and more Windows servers, it became increasingly difficult to have to manage user accounts across multiple servers (which by putting them in a domain would solve), securing files/directories on these servers was a joke (consolidated management via domain -- a lot simpler)

Do you need a domain? It all depends on your requirements. Workgroups were designed for small networks of ten users with simple resource requirements. Do your users in one depot need to access resource from another depot office? Are you planning on expansion (ie more users more offices, etc)? Are your resources centralized or scattered between depots? Are you planning to implement MS Services like Exchange?

Just my 2 cents.

 

[w33mhz]

Well if you are hosting any kind of filesharing, email, shared applications, etc. It makes life easier, and sometimes cheaper, you can deploy applications, manage security settings and updates much more efficently. Now yes you can have all of this hosted and in some cases, maybe yours its better to. If you have most of your services hosted, you may have a little larger monthly bill, but if hosted with the correct people you have DR built in. If you only have a few applications that people use and setting up a new one is fairly fast and simple then you are probably doing the right thing now. It all depends on what your business needs.

Its just so very common to use an Active Directory domain, that people don't understand why not and Microsoft does recomend that at X number of people you should use an active directory domain for centralized administration. Of course Microsoft is in the software business and whatever to get you more into their software the better it is for them. As for the issue with a Domain Controller going down, if you just set another machine up as a domain controller as well you will have some redundancy built in and not be as dramatic of an outage when one were to go down. There are some other configurations you could do as well like placing a domain controller at each site and file server with DFS and yada, yada, yada.

I don't know what your current communication are at your sites weather you have point-to-point connections or some kind of broadband/T1 internet service with a vpn to the main site or just internet access, that is probably a hidden cost as well for you. You will need a point-to-point connection, unless you are doing terminal services/citrix. Its hard to say if it is right for your enviornment, without some more detail.

 

[johnisotank]

Hi There,

thanks very much for the informative replies.

We have 4 servers at head office:
Exchange (on SBS 2003)
Haulage Transport System
Smaller Email/Shared Files Server
Accounts System

And the other sites log into head office or have a very small number of shared documents locally.

I really spend a tiny amount of time administering users and security is not a problem as most valid users have access to everything (at the request of management).

So maybe not worth the effort by the sounds of it.

If I was spending a big chunk of my week doing this then I would definitley do it but I haven't even modified a user account in the past 2 months!

I'll look back for any more repsonses but Thanks very much for this help and I'll leave off for time being.

John

 

[itsp1965]

Well I'll ask a silly question. If you already have an SBS2003 server running Exchange, I'll assume you already have AD configured on it. Is there any reason why you can't leverage this AD implementation to support your user base?

 

[johnisotank]

We got SBS2003 purely to use Exchange and apart from the bare bones to have that working we have not made any efforts to implement Active Directory.

Would it be possible for me to set up a test PC and get that working on active directory and if it works ok then get real person A setup, then real person B spread over a few weeks...

Or is there a reason to do it all in one go?

Thanks
John

 

[58sniper]

Yes - but you should read up on how best to add users and computers to SBS. There are wizards you must use - not the normal ADUC snapin.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[w33mhz]

I really spend a tiny amount of time administering users and security is not a problem as most valid users have access to everything (at the request of management).

That right there kind of states that you should move to AD structure, most senerio's that is a bad thing! I mean if someone figured out how, do you think they would be responsible enough 100% of the time to NOT change their pay check or someone else's? Or get access someone else's mailbox and start sending bad emails to eveyone in the company or worse your companies customers? If you are hosting the services you stated yourselves you should definitly move to the AD structure to manage security and file access just for that reason alone.

You could still put in place AD in place and still give everyone full access to everything, but then you have the adapdability to tight security much more quickly (a.k.a cheaper).

I don't see how it would disrupt everyone for much time, your exchange mail could probably be the pain point in that respect, but I don't know, I haven't took an in place exchange and moved into AD, i don't know what the pain points there would be.

 

[reynolwi]

BUT.... i sure you guys realized when he said he already has SBS2003 and about 75 users. If he has 75 users he is at his max on SBS2003. He wouldnt be able to add any more users or devices without switching and upgrading to a full active directory domain and getting rid of SBS2003 or upgrading to EBS2008.

Wm. Reynolds
Premise Communications
Texas Public Safety Solutions

http://www.rrwds.com

http://www.txpubsafety.com

- - - - - - - - - - - - -

Network Error:
Hit any user to continue