networking requirements - do I need a domain controller?!

Guest

I'm trying to figure out whether or not I NEED to go through the hassle and added overhead of maintaining a domain controller; hopefully, someone can answer this for me as I plan out our office's new network...

We are a 20-person office, mixed Mac and Win 2k/WinXP systems. We have one Win 2K-based file server (Dell Powervault file server appliance), our e-mail and web services are outsourced and our office printers are handled by a Win2k Server-based print server (has to be Win2K Server). That's it.

We're about to upgrade our network w/ unmanaged switches and a Linksys router which will handle DHCP, firewall and routing services.

Right now, however, our desktop systems have manually-assigned IP addresses and we have an old WinNT server acting as a domain controller. I know this because shutting down the server makes all of the network printers and the file server disappear.

I would love to be able to abolish the need for a domain controller w/ our new network and am hoping that this will be possible considering our modest setup.

Can anybody tell me if I can get away w/o one once we make the described hardware upgrade? Shouldn't systems be able to see our file server and print server w/o having to have a domain controller?
 
Steven L Umbach

Your small network can work perfectly fine without a domain controller. What you
mainly lose is centralized user management, centralized management of group and
security policy including password policy, and loss of certain technologies such as
Kerberos authentication which can be very useful for implementing IPsec network
security. If you don't need any of that and don't mind managing the users in a
workgroup environment then that is your choice. In a workgroup for example, if you
have twenty users that need access to two servers then those user accounts will need
to be manually entered and maintained on each server which can be cumbersome managing
password changes. I personally prefer the domain configuration but each to their
own. --- Steve


Chris said:
I'm trying to figure out whether or not I NEED to go through the hassle and added
overhead of maintaining a domain controller; hopefully, someone can answer this for
me as I plan out our office's new network...
We are a 20-person office, mixed Mac and Win 2k/WinXP systems. We have one Win
2K-based file server (Dell Powervault file server appliance), our e-mail and web
services are outsourced and our office printers are handled by a Win2k Server-based
print server (has to be Win2K Server). That's it.
We're about to upgrade our network w/ unmanaged switches and a Linksys router which
will handle DHCP, firewall and routing services.
Right now, however, our desktop systems have manually-assigned IP addresses and we
have an old WinNT server acting as a domain controller. I know this because shutting
down the server makes all of the network printers and the file server disappear.
I would love to be able to abolish the need for a domain controller w/ our new
network and am hoping that this will be possible considering our modest setup.
Can anybody tell me if I can get away w/o one once we make the described hardware
upgrade? Shouldn't systems be able to see our file server and print server w/o having
to have a domain controller?
 
Steven L Umbach

Usually the domain controller has the user accounts and then permissions are created
on the domain servers that allow access to domain users/groups. Then when a domain
user tries to access a share the domain server accesses the domain controller to
authenticate the user. When a domain controller is unavailable, then domain users can
not be authenticated to a domain computer unless they can authenticate to a local
account on the server. Your situation sounds a little different in that there is a
local user database on one of your servers. I am not sure why everything stops in
your case when the domain controller is down. There is a difference between not being
able to "see" computers and shares and not being able to access them due to denied
credentials. If you can still access a share by entering \\xxx.xxx.xxx.xxx\sharename
in the run box on a client computer where xxx.xxx.xxx.xxx is the IP address of the
server offering the share then you may have a name resolution or browse list problem.
My guess is that the NT4.0 domain controller was the domain browser and maybe your
WINS server and that network browsing and/or name resolution is not working
correctly or temporarily interrupted. --- Steve


Chris said:
Steve:

Thank you for your great response; very helpful. My one remaining question is why
does my current network cease to function when I turn off the NT domain controller?
The only place where user accounts are set up is directly on the Powervault file
server and the print server is set up to allow access to anybody...
Just want to be sure I understand the angles as much as possible before I go setting
up a "simplified network" that could throw me into fits!
 
Guest

OK, I'm learnin' I'm learnin'!

So do I need to have a WINS server and/or a DNS server functional on the network in order to browse it? What is the function of each of those services (and I thought DNS had to do w/ web site name resolution, not with internal Windows networking)?

Hang in there, I'll stop asking dumb questions soon...

-Chris
 
Steven L Umbach

No, you don't have to have them in a small network. A DNS server is a requirement for
an Active Directory domain as W2K/XP Pro computers use DNS to find domain resources
such as domain controller and global catalog server in addition to regular host name
resolution. In an AD domain the domain controllers are the DNS servers. Without a
domain you can use strictly your ISP DNS server to resolve internet names. WINS
servers are required in a NT4.0 domain and can be useful in any network. A WINS
server assists in NetBIOS name resolution, LAN browsing via My Network Places, and
reduces broadcasts and speeds up network browsing. You can do without it in your
network but it would not hurt to make one of the servers a WINS server. By default a
WINS client in Windows is called a hybrid node [as shown by ipconfig /all] in that it
will first try to contact a WINS server for NetBIOS name resolution but will try to
broadcast for a NetBIOS name if WINS is not found. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382 -- good article
about W2K DNS, but it mostly relates to Active Directory domain but something you
should know to help make a decision.

Chris said:
OK, I'm learnin' I'm learnin'!

So do I need to have a WINS server and/or a DNS server functional on the network in
order to browse it? What is the function of each of those services (and I thought DNS
had to do w/ web site name resolution, not with internal Windows networking)?
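
Added example, not part of any post in this thread: a simplified Python model of the NetBIOS lookup order Steve describes (a hybrid node asks WINS first, then broadcasts), showing which names still resolve when the WINS server, which he guesses was the old NT4.0 domain controller, is switched off. Host names, addresses and subnets are constructed, every host is assumed to be registered in WINS, and the browse list, LMHOSTS and DNS are left out.

```python
# Added example: simplified model of NetBIOS name resolution by node type.
import re

# Lookup order per node type (RFC 1001/1002): "wins" = name server query,
# "bcast" = broadcast on the client's own subnet.
ORDER = {
    "Broadcast": ["bcast"],
    "Peer-Peer": ["wins"],
    "Mixed": ["bcast", "wins"],
    "Hybrid": ["wins", "bcast"],
}

# Constructed sample network: NetBIOS name -> (ip, subnet)
HOSTS = {
    "POWERVAULT": ("192.168.1.10", "lan"),
    "PRINTSRV": ("192.168.1.11", "lan"),
    "BRANCHPC": ("192.168.2.20", "branch"),
}

def node_type(ipconfig_text):
    """Pull the node type out of `ipconfig /all` output, or None."""
    m = re.search(r"Node Type[ .]*:\s*(\S+)", ipconfig_text)
    return m.group(1) if m else None

def resolve(name, node, client_subnet, wins_up):
    """Return (ip, method), or (None, None) if every method fails."""
    ip, subnet = HOSTS.get(name.upper(), (None, None))
    # Modelling choice: an unlisted node type is treated as broadcast-only.
    for method in ORDER.get(node, ORDER["Broadcast"]):
        if method == "wins" and wins_up and ip:
            return ip, "wins"
        # Routers do not forward broadcasts: same subnet only.
        if method == "bcast" and ip and subnet == client_subnet:
            return ip, "bcast"
    return None, None

# Constructed excerpt of `ipconfig /all` from an XP client.
SAMPLE = """Windows IP Configuration
        Host Name . . . . . . . . . . . . : DESK07
        Node Type . . . . . . . . . . . . : Hybrid
"""

if __name__ == "__main__":
    node = node_type(SAMPLE)
    for wins_up in (True, False):
        for name in HOSTS:
            print(node, wins_up, name, resolve(name, node, "lan", wins_up))
```

In this model, with every machine on one subnet, a hybrid node still resolves names by broadcast when WINS is down; only a Peer-Peer node, or a lookup for a host on the far side of a router, loses resolution.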
 
Alun

Chris said:
OK, I'm learnin' I'm learnin'!

So do I need to have a WINS server and/or a DNS server functional on
the network in order to browse it? What is the function of each of
those services (and I thought DNS had to do w/ web site name resolution,
not with internal Windows networking)?

Hang in there, I'll stop asking dumb questions soon...

-Chris

No, and no! I have one of my clients' networks (25 PCs, 2 Dell Poweredge
servers, and a couple of ADSL and ISDN routers) set up just like your
original post. They are all static IP, use Demon DNS, and are a mix of
W2K, XP Pro, and Win98 with 2 VPNs to other sites. No Domain Controller,
no internal DNS, no WINS, browsing works fine (although I had to set a
couple of registry flags on the XP machines) and no problems at all.
Only pain is doing the password changes on each machine.
 
