Does it make sense to use Windows Active Directory in a small group of, say, less than six users/computers?

Solution 1:

I don't see having Active Directory (AD) as adding complexity. Rather, I see it as making administration easier. I see the functionality that it enables in the client OS as being a major tool to allow for smooth future growth and replacement of computers.

From a cost perspective, there are very low cost versions of Windows Server (2012 R2 Essentials currently fills this niche) that bring a lot of nice tools to bear on small networks for not a lot of money. For small environments you don't have to mess around w/ CALs, too.

Speaking about this in a "bigger picture" view, where Active Directory is just part of a feature set that a dedicated server computer and server OS can provide, I see a lot of advantages.

  • Active Directory gets you single-sign-on, Group Policy, and the ability to create authorization schemes using Security Groups that will easily transcend employee turnover. In small businesses, in particular, a good permission strategy revolving around AD groups assigned to employee roles has enabled me to easily handle "Bob now does John's job" type situations (which seem to crop up more frequently in small businesses than large, in my experience) very easily.

  • Having WSUS is great. Oh, boy, I like having WSUS.

  • Did I mention Group Policy? Folder Redirection? Roaming user profiles? Oh, how I love stateless (or nearly so) client computers and the ease with which I can factory-reload a failed PC or replace a computer. Having users able to log on to any client PC and have basic functionality (client-side apps notwithstanding) turns "drop everything" emergencies into mundane service calls.

  • I like having a "real" server to handle infrastructure protocols like DHCP and DNS (versus some wonky toy "servers" built into a consumer-grade Wi-Fi router, etc).

  • Security auditing is much, much easier in an environment where centralized authentication and authorization are present.

  • I'm a bit partial to the PC backup functionality in Windows Server 2012 Essentials for very small Customers where otherwise getting them to spring for a couple spare PCs to be used in a "hot desk" capacity in the event of PC failure is too much for them to spend. It's kinda hokey, and I would prefer not to back up anything on client computers at all, but the time savings in small shops where client computer standardization is nonexistent are hard to argue.

  • The business might get value out of other bundled applications that the server could host like, say, SharePoint.

  • Offering users remote access through Routing and Remote Access Services or Remote Desktop Gateway.

I like having an on-premise Windows Server with Active Directory in environments where there are Windows client computers. It makes my life easier and ends up costing my Customer less money, in the long run, than trying to "herd cats" by managing a fleet of non-domain-joined PCs.
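The "Bob now does John's job" handover from the answer above, sketched as an added example (not code from the answer). It assumes the ActiveDirectory RSAT module, a hypothetical `OU=Roles,DC=example,DC=local` that holds the role groups, and hypothetical account names `john` and `bob`; resource permissions are assumed to reference only the role groups.

```powershell
# Added example: hand a role over by moving group membership, not by editing ACLs.
# Hypothetical names: the Roles OU below and the accounts 'john' and 'bob'.
Import-Module ActiveDirectory

function Move-RoleMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $From,
        [Parameter(Mandatory)] [string] $To,
        [string] $RoleOU = 'OU=Roles,DC=example,DC=local'   # hypothetical OU
    )

    # Direct memberships of each user, limited to groups inside the Roles OU
    $fromRoles = Get-ADPrincipalGroupMembership -Identity $From |
        Where-Object { $_.DistinguishedName -like "*,$RoleOU" }
    $toRoleDNs = Get-ADPrincipalGroupMembership -Identity $To |
        Where-Object { $_.DistinguishedName -like "*,$RoleOU" } |
        ForEach-Object { $_.DistinguishedName }

    foreach ($role in $fromRoles) {
        if ($PSCmdlet.ShouldProcess($role.Name, "move membership $From -> $To")) {
            # Skip the add if the new holder is already in the role group
            if ($toRoleDNs -notcontains $role.DistinguishedName) {
                Add-ADGroupMember -Identity $role -Members $To
            }
            # Remove the old holder in the same step so access does not accumulate
            Remove-ADGroupMember -Identity $role -Members $From -Confirm:$false

            # One record per change, suitable for a change log
            [pscustomobject]@{
                Role    = $role.Name
                Removed = $From
                Added   = $To
                When    = Get-Date
            }
        }
    }
}

# Preview the changes first, then apply and keep the record
Move-RoleMembership -From 'john' -To 'bob' -WhatIf
Move-RoleMembership -From 'john' -To 'bob' |
    Export-Csv -Path .\role-handover.csv -NoTypeInformation
```

Because shares, printers and applications are granted to the role groups only, no resource ACL changes during the handover, and the exported CSV records who held which role and when.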

Solution 2:

It makes sense if you have a business case for it. Think about what Active Directory gets you:

  • Centralized user and machine account management
  • Centralized access control using Active Directory security groups
  • Centralized configuration management with Group Policy Objects
  • Centralized DNS for your office

Can you get by without this? Yes, and many small offices (and even some larger ones) do just fine without Active Directory, but if you start finding that more and more of your time is taken up doing things like resetting someone's local account on all dozen computers, you should think seriously about Active Directory. Microsoft makes Small Business versions of their Windows Server operating systems that bring Active Directory and many other services to that environment at a reasonable cost.

Solution 3:

If the Windows Server license is too much, but you have the hardware lying around, you could also look at using Samba 4 on something like CentOS. The setup is more linuxy, but the day to day is Windows RSAT so you'd do it from your Windows desktop, same as with Windows Server, just no license costs. Samba is also a fileserver that doesn't have the concurrent connection limit client Windows systems have.

Are you familiar with either Windows Server or Linux + Samba? One possibility, if you're not familiar with Linux, is that you can take this as a potential professional growth / learning experience beyond MS only.

Starting from scratch with either isn't actually hard.

Solution 4:

It really depends. Do you want centralized management of users, IT assets (printers, scanners, etc.), easy updates, the ability to enforce group policies, etc? Is the information sensitive at all?

The landscape has changed a lot. The entry price point has dropped, but more options are available, as in offloading them to the cloud. I find having a local AD instance with a hosted Office365 Pro Plus a really good environment to be in.

Perhaps you can even rent out some of your office work in Azure (assuming you have redundant and good internet with an idea of how much data flows through your pipes). Their SLA will probably be higher than your own internal unless you pay for a staffer or contractor.