Do You Really Need Active Directory

Рет қаралды 3,827

Күн бұрын

Пікірлер: 11

@mikapaavola 5 жыл бұрын

Great overview, thank you. I've been running a SMB company both with the P&L responsibility and from the ICT management point responsibility. I totally agree with what you are saying agree - it all depends on your use case if you need or need not an AD. My main pain point with AD is that with it you are drawn into a whole set of associated costs with the Windows Pro licence requirement, AD cals and you end up with "enterprise" priced laptops and maintenance. The other key issue with the associated costs is that it severely limits the selection of the equipment. For example, with the sales force and other road warriors you most often would like to have lightweight compact laptop which does not need a lot of performance. Entprise laptops with Windows Pro falling in this category tend to be twice as expensive as consumer models, which would do just fine plus there is quite a bit more to choose from for different purposes. Without having the backend ERP auhtentication tied with AD there really would not be need for a AD and all the overhead related to it.

@Completely_Incomplete Жыл бұрын

I use AD mainly for managing Group Policies and Secuirty i.e tightly controlled access to admin level features such as powershell and command, regedit, control panel, app installs or uninstalls, access to USB drives, settings, GPO based printer deployments, etc. Anything and everything that the user doesn't need to change, thus limiting the number of callouts and tickets for avoidable problems, like I cant find my Chrome (because you uninstalled it), or I got a virus (because you disabled protection). While this is costly for small businesses because they need to invest on a local server, I don't see an alternative from a securtity and manageability perspective. If there are any other thirdparty tools that allow us such controls, I'd love to hear bout them.

@kristopherleslie8343 6 жыл бұрын

SAM so can you break down some ways to move to the LANLess future? I'm deeply interested in the topic!

@samit8178 6 жыл бұрын

Transitions are, of course, very hard. And it takes a lot of steps. First you have to make sure all workloads aren't LAN dependent. Once you have that, you can make your authentication and management free from the LAN. Then you can remove the LAN itself, at least as far as extensions like VPNs, and such. It's really just a matter of tackling workloads. I'll try to make a video talking about it, but the high level view is just start at the user and work back to the core. And make sure that all new workloads and tools are not using any LAN service (like AD.) For most businesses today, it is either legacy apps that are so ridiculous that everyone knows already that they need to be replaced, or it is things that were installed for them, like AD, that tend to lock us into the LAN. Replace any lingering legacy apps, then you can replace AD or whatever LAN based authentication method, then you are often free. The LAN still exists, in most cases, but the dependency on it is gone.

@kristopherleslie8343 4 жыл бұрын

@@samit8178 sexy topic still. I think if you can produce like an example of one so those (like myself) not as experienced but just can keep up with topic and walk through an example of this we can reproduce in our home labs it would be awesome. I have now about 5 servers at home and I'm still building my lab. So I am very interested still on how to do this because I still deal with a lot of SMB's and I would want to get fluent on this type of delivery to be able to sell my services :)

@juliusj5092 2 жыл бұрын

Do you happen to know any good open source solutions to local windows user managment? Projects like keycloak work great for sso, and tactical RMM though relitivly new works great for remote computer management (and can be used to do scripted user management, but it's pretty ulgy way of managing that.), but I haven't found a good way to manage user accounts on windows computers without AD.

@samit8178 2 жыл бұрын

I use TacticalRMM a lot, too. For user management, it really will depend on your environment. But some scripts might do the job. As can Ansible or Salt or other tools like that. Make a master user table in those tools and automatically push it to all end points, or subsets of the users to some endpoints. And this allows for unique passwords by machine, or matching, depending on how you do it.

@SamerAlomar 4 жыл бұрын

Hi sam. Thanx for the useful video. I have a small office of 8 users. We deal with small cad files. Is a nas hardware the rihjt answer? We are running an old windows server that we only use as a file server

@samit8178 4 жыл бұрын

A NAS device would work very well for this, yes.

@SteveStowell 4 ай бұрын

Ad is really around so and not drives

@samit8178 4 ай бұрын

In theory, but there are alternatives for SO and the majority of AD deployments, like easily 90%, see it only as a drive access tool. The average IT pro actually doesn't know it in any other context and will often say it's a requirement for mapped drives! I've found the nearly all AD deployments are out of confusion, rather than intent.