Domain controller, do I really need one?


AdamR
15th January 2008, 18:40
Ok... I have a home network, a decent one. Has a server and such. Have a look at my diagram (http://www.reece-eu.net/images/network.png) to see exactly what's in it.

The server runs DHCP and DNS, I have "reece-eu.net" for the network working well, but the network itself is in a workgroup mode. The server also provides over 300 GB of video files (mostly TV shows) for me to watch around the house as and when I like. My music and software downloads all go on it too.

I have been asked by a fair few people over the years why am I not using a domain controller, and I reply "what's the point?", until they reply again "are you stupid or what?".

I'd like to know if a domain controller would really benefit me. I mean, only 2 of those clients (XP x64 ones) could join it, and the laptop I take to uni so I couldn't use it from there as they don't allow VPN. My profile is synchronized between my 2 clients via my server using Second Copy 7, so my documents and application settings and such follow me... why would I want a domain controller when I've already got what I want working well for me?

Am I stupid for not turning my home server into one, or are people calling me stupid for not having one themselves stupid for not understanding my justification for not having one?

KingDaveRa
15th January 2008, 18:42
You don't need it.

You'd only need it for doing Exchange really. Otherwise, most other stuff will run with a simple server. Failing that, some things will use ADAM - a stripped down AD used for specific applications.

If you haven't missed it this far, you're not missing out.

Elkeeed
15th January 2008, 18:54
Really it simplifies security so even with only 1 server and 2 clients it is still useful, just not as useful. Plus you get time synchronisation, woo. :) No it doesn't sound as if you would use many of the features but since you already have a server then why not have a domain controller?

AdamR
15th January 2008, 18:55
Do you even need one for Exchange servers? What is this ADAM you speak of? Not me obviously, I've come across it before in Active Directory.

Even if I were to make it a DC Elkeeed, only 1 client could use it. My laptop can't use it from University as they don't allow VPN. The only advantage I see is not having to have the same username and password as a local account on machines. The server has about 8 users. John's computer only has a local user/pass for that user. Mark's computer only has his, etc... so changing passwords isn't a strain (not that they ever do).

Elkeeed
15th January 2008, 19:00
Yeah, Exchange is heavily dependent on Active Directory.

Your laptop could use it, it would just cache logon details when it was away from the home network.

Nes
15th January 2008, 19:15
You know it might be an idea to hide your addresses and IPs considering most of it seems fairly open with ping enabled and web management enabled on your Vigor ;)

IanCumbers
15th January 2008, 19:30
Ok... I have a home network, a decent one. Has a server and such. Have a look at my diagram (http://www.reece-eu.net/images/network.png)

What might it give you?

Easy to manage central configuration of your devices? (local policies etc.) - err, probably not a huge benefit to you.

Roaming profiles and folder redirection (e.g. have your 'My Documents' etc., always mapped centrally) and sync'd - but you're managing that already.

You would need a DC if you wanted a 'free' Enterprise Certificate Service (Ian - just why would he want that???)

Exchange isn't heavily dependent on Active Directory, AD is a pre-requisite, so if you ever wanted to go in that direction, it may be worth getting a DC set up and settled down before implementing Exchange.

Personally - I'd probably do it just for centralised management of accounts, plus it means you'll always have a few extra accounts as a way of getting into a device, in case you ever buggered up your main user account :)

But I agree with the others - not much in it!

Cheers


Ian

kandy
15th January 2008, 19:37
:ditto:

Portia
15th January 2008, 21:04
If you've already got the kit to run it on and you can afford the time to set it up in the first place (not much really) you may as well go for it...

WhiteKnight
15th January 2008, 22:10
As others have suggested, you only really need AD if you have several users logging on to several machines, and want the ability to log on to the other machines with ease. Almost any other situation for a network this small really doesn't require AD.

I might go AD here because I currently have 3 laptops, 3 pcs, and 3 servers and the ability to have a single logon that can log onto any of those machines would make life a lot easier.

AdamR
15th January 2008, 22:45
I did think about roaming profiles, that would be the biggest advantage to me. I currently use Second Copy 7 to sync various parts of my home folder, and my games folder. Wouldn't the AD folder redirection be dependent on the server whenever I want my files? i.e. not possible while away with a laptop. Syncing Windows settings would be nifty too.

Elkeeed
15th January 2008, 23:26
Roaming profiles are no good if you use multiple machines simultaneously.

IanCumbers
15th January 2008, 23:36
Roaming profiles are no good if you use multiple machines simultaneously.

It really depends on the result you're after. Folder redirection will work happily simultaneously, subject to any normal file lock restrictions and that may be all someone wants.

Roaming profiles are still workable, if you accept the limitations. Using roaming profiles will mean that you'll get a basic environment / setup, even when logging in to a rebuilt / new machine - you just lose the odd customisation and MRUs etc. on a last-saved-wins basis.

If I really wanted common settings for Explorer and key apps, to make my 'similar' machines behave in a similar way (language settings, screensaver settings, app UI settings, etc. etc.), then roaming profiles with multiple and/or simultaneous logins still work 90-95%.

Elkeeed
15th January 2008, 23:41
I have quite a bit of experience with roaming profiles and using them in this way always ends in a mess. You are welcome to find that out the hard way though :)

Since you only need to do it once, I personally would copy my explorer setting using a different method. Perhaps with the transfer settings tools or simply by copying the relevant registry trees.

WhiteKnight
16th January 2008, 00:14
I've been using, and supporting, roaming profiles for around 9 years now. NT4, 2k, 2k3, XP.... and even on 95 and 98 on an NT domain (yes this is possible but not fun).

If you accept its limitations, as Ian said, it's fine. It's just users who don't quite understand the last-save-wins situation that bitch when they lose their favorites or whatever.

Elkeeed
16th January 2008, 00:33
mmm but I have experienced plenty of users who should know better getting it wrong. :) Also there are some apps out there that save config across multiple files that totally screw up when they end up getting a partial config from one machine and part from another.

IanCumbers
16th January 2008, 07:01
mmm but I have experienced plenty of users who should know better getting it wrong. :)

I agree that there are plenty of users who can get it wrong, regardless of what system is put in place :) Like WhiteKnight, I've been using NT and Roaming Profiles for a long, long time and I think we would both agree that 'bullet proof' are not the first words that spring to mind, but it can be made to work well enough.

Some users are good though...

[short anecdote about users]
Years ago, I implemented a Citrix solution into the Met Office. The users were all egg-head scientists with IQs in the stratosphere, really really very clever dudes and dudettes. Without boring everyone to death with the details, the Citrix client, for HP-UX, was flaky in the extreme and after installing it, I got a phone call from a user to tell me that there were quirks in the video display that made long term use difficult... she then told me the solution which was to do with forcing a new color palette onto the app - remember, this was way before the wonderful-wicked-web, aka Google.

She saw a problem, applied her experience and then added some trial and error into the mix - all whilst working out what the weather was going to be like in Mornington Crescent.

I've never found a truly helpful user since... ;)
[/short anecdote]

Jez_Gafys
16th January 2008, 23:28
I've been using, and supporting, roaming profiles for around 9 years now. NT4, 2k, 2k3, XP.... and even on 95 and 98 on an NT domain (yes this is possible but not fun).

If you accept its limitations, as Ian said, it's fine. It's just users who don't quite understand the last-save-wins situation that bitch when they lose their favorites or whatever.

You mention 95/98 roaming profiles is possible but not fun but really it was no different to now and worked just the same. Ofc it was slightly more easy to set up with an NT4 PDC/BDC setup than AD but it wasn't any harder or less stable, efficient.

I notice ppl talk about folder redirection etc but ain't that more policies than profiles.

AdamR
17th January 2008, 00:49
Folder redirection can be done in the Group Policy, but it's a lot easier to manage without screwing up a computer with the Domain Controller Policies. Can a workstation outside a domain even handle policies on a per user/group/machine basis? It appears to be 1 policy per machine when I type gpedit.msc, can't find anywhere on how to apply it.

It is also useless for my laptop while it's out of the house.

Jester
17th January 2008, 02:06
You don't need it. They are lacking in .........

THE END

GeeDee
17th January 2008, 19:43
Can a workstation outside a domain even handle policies on a per user/group/machine basis? It appears to be 1 policy per machine when I type gpedit.msc, can't find anywhere on how to apply it.

To a point, but it's 'GP on' or 'GP Off' unless you really (even more) h4x0r with it. You just deny access to system32\GroupPolicy and they don't get applied though. ;)

You don't need it.

What he said. Unless you know why you might need it, you don't need it.

Also, why on earth do you think you even need roaming profiles? What is it you want to roam exactly that you can't achieve with simple file & registry syncs? Do you have tons of software standardized over all your devices or something?

her0n
17th January 2008, 20:30
Out of interest, how did you get your DS to talk to your wifi nicely? I assume mine refuses to play ball because of the security...

Jez_Gafys
17th January 2008, 20:41
Provided you are setting up the correct SSID and WPA/2 or WEP Key, and maybe if your router has MAC address filtering it should work on your wlan fine.

KingDaveRa
17th January 2008, 20:46
My Palm wouldn't talk to my Speedtouch router because, as standard, the Speedtouch uses a wireless channel of 1. The Palm didn't like it. Changed it to something else, and it worked fine. It would see the network, just couldn't join.

Could be that.

Jez_Gafys
17th January 2008, 21:28
Thinking about it Wiis just won't work with some routers, maybe the DS has similar problems

Elkeeed
17th January 2008, 21:48
Doesn't the DS do WPA but not WPA2?

her0n
17th January 2008, 21:48
It's a BE standard bebox thingie

AdamR
18th January 2008, 16:50
You can get your Nintendo DS to connect to WPA access points by using custom firmware. It was available here (http://geekboy.ca/wifi/?cat=2), but appears to be gone.