0

Not sure if this is outside the realm, asking serverfault about going server-less, but I'm not sure where to ask this. I'm a sys admin for a medium size nonprofit who wants to not only eliminate our file servers, but eliminate our domain as well.

[Editing to add the following info: We have: - Physical Server is 1 year old, with 2 years warranty left. - DC is on Server 2008 Rt, but it has DNS issues, which make me want to migrate it to a new server install rather than troubleshoot it. - 25 workstations, half Win 10, half Win 7 - As a nonprofit, we qualify for $5000 annual sponsorship in Azure ]

If we move all files out of server shares into Sharepoint Libraries, they're challenging me on the need for a domain controller. Their reasoning:

  • We can use local computer accounts, or a workgroup.
  • All resources are web-based; our Office 365 login is all we need.
  • Users' Desktops and My Documents can be redirected to their OneDrive folders
  • Windows Updates can be automated
  • Maybe security can be cloud managed?

My arguments:

  • I can't centrally monitor & manage patches, updates, security, and computers.
  • I won't have Group Policy to deploy printers/software/etc.
  • We won't have a network where I can see who's logged in, etc.

These arguments haven't deterred them. I feel like I’m forgetting something obvious, but I'm failing to convince them.

As I understand it, Azure Active Directory isn't meant to replace our own AD, it's more meant to extend it, connect to other services, and Azure AD DS is meant to sync with a local AD?

So do I:

  • Insist that I won't run a network of non-domain-joined machines?

Or:

  • Decommission the local domain, set up local accounts for all users, make them happy?

Many thanks for your thoughts!!

Matthew

Matthew
  • 59
  • 1
  • 8
  • `1.` Who are you referring to? Who is "them" or "they"? `2.` I would argue that you need to have additional duscussions to determine why they're advocating this approach and what it's impact to the business would be. Get a better understanding of their position and the reasoning behind it. `3.` It sounds like you're trying to impose your will here, which is never the right approach. Everything you do should be about serving the needs of the business, not yourself. – joeqwerty May 07 '18 at 15:45
  • Thank you Joeqwerty. Management's goals are simplicity, streamlined work environments, and going through one upgrade process rather than two. Our DC (Server 2008 R2) is buggy (DNS issues); I've been recommending that we migrate it to a new Azure server, along with our file server, and then carefully plan our transition to SP libraries. That's what I quoted to management. They responded by wanting to move everything into SP libraries now and just eliminate our DC, rather than going through two separate upgrade processes... (continued in next comment..) – Matthew May 07 '18 at 16:46
  • Thanks for these questions - the concern that I'm imposing my will vs responding to their needs is what's giving me pause, making me question my assumption that a domain is critical to effective network management. I've been a server admin for so long, I'm aware of my own bias, and wondering what the ramifications of having no domain would be. I'd guess that TOC will go up, as I'd lose the ability to centrally manage patches, security, deployments. I'm hearing that this is possible with Intune or MDM if we were all on Windows 10. – Matthew May 07 '18 at 16:47
  • Most, if not all of this, can be accomplished with MDM, InTune, DSC, etc. I'm not saying that it will be easier... or even better... but certainly possible. The main thing for me is to always be cognizant of my own bias and making sure I'm not bringing it to bare inappropriately. Certainly you can have your own opinions and recommendations and it's OK to disagree with the client/company/boss but always make sure you're serving the client and not yourself. – joeqwerty May 07 '18 at 16:59
  • Sage advice, thank you sir. It looks like InTune will run $6/user/month; whereas we wouldn't pay to have Azure host our DC. But then I'd worry about WAN failure/congestion, even with a backup ISP. – Matthew May 07 '18 at 17:09
  • "If the Internet is down, nobody can work" may be a compelling argument for keeping some things on premise. – Michael Hampton May 07 '18 at 17:53

0 Answers0