Windows Server What can Active Directory Do?


Ian

Administrator
Joined
Feb 23, 2002
Messages
19,609
Reaction score
1,324
I'm very unfamiliar with the AD side of Windows Server, other than as a user authentication and management tool. I was considering rolling it out on our home network, so that I can log on to any PC or Laptop with the same credentials (as our NAS can join the domain).

I've had a good read up about Active Directory, Domain Controllers, etc... but I can't find much info beyond the actual structure of it. If I rolled it out on our network, could I roll out app installation across the network (I'm thinking if I provision a new PC, can I auto-install stuff).

Are there any benefits to backup management and file synchronising? For example, can I sync desktop shortcuts across every PC I log on to?

I'd really appreciate any thoughts from those more familiar with AD :). There's only so much I can glean from Googling.
 
Ad

Advertisements

Silverhazesurfer

Master of Logic
Joined
Oct 3, 2008
Messages
1,068
Reaction score
42
Group policy is awesome. You can configure and secure a system to however you want it to be. It has been some time since I played with a full AD installation. I am getting ready to promote my server at the office to a PDC for my office domain. This is new for everyone there so it should be fun to experiment since it has no real bearing on how we function yet.

Remember a few years ago when I was around here asking questions about USB discovery? These were some of my earliest posts. I received quite a few responses such as "don't do it" "that's not how this works." In the end, I was working on securing Windows XP boxes that reported back to a generic server OS to transmit money values for a small "grey market" gaming company. Group Policy Editor allows you control over every aspect of a system when it authenticates to the primary domain controller.

What Server OS are you planning to implement? I run Server 2012 R2 on my tinker box at the shop.

Edit: Group Policy Editor comes with every installation of Windows. In AD, you can manage how permissions affect Group Policy. Joining a workstation to a domain will cause the domain GP to overrule the local GP. Whenever you log on to a machine, your domain GP will be in effect.

https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
 

Silverhazesurfer

Master of Logic
Joined
Oct 3, 2008
Messages
1,068
Reaction score
42

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,609
Reaction score
1,324
Thanks @Silverhazesurfer - I'd be looking to add around 6 Windows 10 PCs to the domain, perhaps on a server running Windows Server 2016... but my NAS has a Domain Controller option, so I was tempted to use that.

What I'm ideally after is a way to do the following:
  • Manage Group Policy settings to disable Cortana, etc... - basically use to customise the machines how I like them.
  • Deploy software packages on new and existing systems, so if I format the machine it'll install common things like Notepad++, FileZilla, etc... Ninite works well for this at the moment, but it would be nice to have a homebrew version.
  • Control access to the NAS shares automatically (it has AD integration).
  • Integrate O365 accounts, so the auth details are rolled out to accounts automatically.
  • Profile roaming, so if I log on from my laptop or desktop, I still have the same documents/favorites/etc... in place. Even if connecting via VPN.
I've kicked the tinkering with AD in to the long grass for now, but I do intend to re-visit it one day :).
 

Silverhazesurfer

Master of Logic
Joined
Oct 3, 2008
Messages
1,068
Reaction score
42
Which NAS do you have?

Cortana - Group Policy should be able to be run on the AD profile setup for the user.
http://www.thewindowsclub.com/disable-turn-off-cortana-windows-10

Software installation via GP
https://technet.microsoft.com/en-us/library/cc753792(v=ws.11).aspx

Managing Folder Permissions - Basically the same as any permission. Set user, set permissions at the folder level. Permissions are inheritable and are dependent on the group to which the user belongs in AD. If the user has Admin creds, then it doesn't really matter what you set for a folder permission. If an admin can access it, then the user can as well.
https://msdn.microsoft.com/en-us/library/bb727008.aspx

O365 Details here. Honestly, I would have to have a setup to play with while looking at some of this information. I don't play with this in any facet and I am seriously uneducated in the application. I don't really like cloud applications or cloud-reliant data management. What happens when I, or my users, cannot access any information when the Internet is down? Nobody can work and I don't like that much wasted payroll.
https://support.office.com/en-us/ar...irectory-06a189e7-5ec6-4af2-94bf-a22ea225a7a9

Apparently, there was a recent update to the roaming profiles options within Windows...3 days ago.
https://technet.microsoft.com/en-us/library/jj649079(v=ws.11).aspx
 

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,609
Reaction score
1,324
It's the QNAP TVS-873 - running the latest QTS.

Thanks for the info, I'll start setting up a few VMs on the NAS and get a working AD setup there before rolling anything out. Profile roaming looks like a fun place to start, as that's the thing I'd most like to use.
 
Ad

Advertisements

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,609
Reaction score
1,324
I've just set up the AD server on the NAS, along with two W10 VM's. I've got them both joined to the domain and roaming profiles works, but I need to test how it copes with several profiles logged on at the same time (and see what it does with syncing files).

Just testing depoying 7ZIP via MSI at the moment.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top