Networks·41,397 discussions

Work Group verses Domain

Locked

I very recently inherited an IT department that numbers roughly 25 systems in size. To my dismay I found that every thing is on public IP’s. The network is actually one giant work group. I want to run a domain and lock down the system but I’m leary of making changes too quickly because as raunchy as things are, these guys have learned to ‘work’ around their little headaches. Besides I am still looking for any data/app’s that may be sensitive to the change. I’ve run Small Business Server for another company but these guys are still on server 2k. They have expressed budget issues to upgrading is not in the works but I can certainly do wonders with what I’ve got here right now…What considerations come to mind based on what I mentioned so far? I could really use some input as I’m flying solo hear.

Topic

Reply To: Work Group verses Domain

In reply to Work Group verses Domain

as long as there are no apps that won’t run on a domain, get it switched over.
( licensing issues )

better security, and fewer problems.

Reply To: Work Group verses Domain

In reply to Work Group verses Domain

first issue is the use of routable IP addresses. Its a simple issue to change over from routable to non routable addressing scheme without effecting the network [best to do it when everyones gone home].

The biggest advantage to going with a domain is centralized management of resources. Users no longer have to have their accounts on all the computers in the workgroup to access shared resources. The drawback is that users can’t install and run a program they want to unless they have permission to do so. That usually causes the most problem if they had carte blanche over their workstation and now they dont.

The other drawback to going with a domain is that only you will probably know how to administer it. That often times makes users who are used to having control over their computers very reluctant to lose that control.

Reply To: Work Group verses Domain

In reply to Work Group verses Domain

Thanks folks for the input. Regarding any network sensitive apps, I think only there’s only one so far that may be of concern but I’m confident that I’ll be able to work with it. Regarding user policies; I agree that some users may have issue with the changes but in the long run the company and the network would be beter suited by relinquishing some control in order to bring more efficiency and productivity to their daily routines. Yes, the changes will be a bit tough at first but the cost savings, man hours spent and overall change will reflected for a few years to come. Truly if I sent you a synapsis of what has transpired prior to my being here, you would be saying #$**@@#!!!!!! Nonetheless, I’m knee deep in it now and this bring new definitions to the challenge.

Reply To: Work Group verses Domain

In reply to Work Group verses Domain

Well, ok on the applications concern. Only 1 that is a potential problem which probably isn’t one.

So whats the entire hardware topology top to bottom? e.g. access to the internet? if so how? any firewalls or proxy in place? if so what? any managed switches? You mention they run W2K server. what is it for? Can it be made into a DC AD? Are all workstations W2K or better? Any W9Xs? Is Office 2000 or better run? What are the shared resources the 25 users all have to have access to, to do their jobs?

What you might want to do is test out what you want to do before implementing it. Its easy to setup a DC with AD, DHCP, RRAS, on one box and then hook up 1 workstation. create a few user accounts, install the potential problem app and see exactly what happens? If the problems are minimal, you can actually migrate the DC you setup into the production environment provided that access to shared resources workers need access to to do their jobs isn’t effected.

Reply To: Work Group verses Domain

In reply to Reply To: Work Group verses Domain

Note: plan plan plan before implementing. Plan your functional layout with OUs. Plan out your domain. plan out user desktop configuration, … I mentioned plan didn’t I?

Do it in the test environment. Test it out. Joining workstations to a domain is a matter of visiting each one and joining it. Making sure users have what they need is the biggest headache. If you do it right, they might not even be aware you swapped over to a domain except possibly to access something thats local only to find they haven’t logged in locally.

Reply To: Work Group verses Domain

In reply to Work Group verses Domain

What they say is true but you have to move it fast before disaster strike. Remember that if one or more client computer is down then they will suffer on losing data and important file.
End of the day you will be the one they blame.\

To avoid that you have to quickly move in a server and run it as DC or AD, DNS and DHCP. Shift slowly one by one among them to join the domain. I suggest you join the latest OS first then only decending order.

Do take this under care cause some OS might lost data when you join them to domain especially for those with NT eg. win2k and winxp pro.

Do a testing right after you join one of them on shared environment, printer and application.Lock them up with AD user group and folder permission.

This task might take time and cost but in long term they will cost effective.

[Author]

Replies