[OPLINTECH] Windows Server/Active Directory

Chad Neeper cneeper at level9networks.com
Tue Mar 15 17:14:18 EDT 2016


Wow, that's a tall order. Hopefully someone else can give you some specific
titles to look towards. I'm a learn by "Googling, exploring, experimenting,
and RTFMing" kind of person myself. I've never really had much benefit from
classes or books...it takes too long to get to the gold nuggets that I'm
looking for.

Do you have any Windows servers/desktops currently or are you pretty much
pure *nix?

Years ago, I was installing Windows computers with a Novell Netware
back-end. Netware+NDS+ZENworks served the purpose that Windows
Server+Active Directory+Group Policy does now. At that time, linux was
starting to take hold and FOSS was starting to get more accepted or at
least discussed (both eventually even in LibraryLand). I had already
started down the path of putting linux in the back-end where I could and
was really starting to seriously consider it for the user-facing stuff.
Ultimately, though, I ended up entrenching deeper into Windows and
Microsoft software (Microsoft Office) because that's mostly what the
patrons used at home, work, and school. I think that's generally still true
for most of the communities surrounding the libraries I support. Although
it's shifting a bit with the proliferation of handheld devices and the
increasing number of people who don't have desktop computers at home.

So with Windows desktops, Windows Server+AD made the most sense because of
the better/tighter workstation support and control. There are still things
I wish I could do that I could do with Netware+NDS+ZENworks, but for the
most part standardizing on Windows Server to manage Windows Workstations
seems to be the best option.

*nix is great, but I think it's a little lacking in the
"cohesive"ness/centralized management department. That's where being
proprietary has traditionally shined. To answer part of your question, I
typically use Windows for most everything that's user-facing. The exception
being catalog computers. No need for Windows on a browser-only computer
when a repurposed 10-year-old low-performance computer PXE network booted
to Linux will do just fine.

With having more than a tiny handful of Windows desktop computers, using a
Windows Server (w/Active Directory) to manage them is a no-brainer. Windows
Server/AD and the other supporting Microsoft technologies are immensely
useful for centrally managing Windows workstations. Personally, I leverage
Group Policy pretty heavily to configure the workstations just the way I
want them. It's great for enforcing consistency amongst your workstations,
for installing/configuring printers, for configuring third-party apps, etc.

I sneak *nix in on the back-end where I can: pfSense, squid, apache, etc. I
fill in with other FOSS software on the Windows workstations/servers where
I can get away with it:  Chocolatey, VNC, 7-zip, LibreOffice (as either a
supplement or replacement to M$Office), vlc, etc.

When using Windows Server/AD to manage Windows workstations, part of the
trick is managing Microsoft's desire to own the network. For instance,
Active Directory requires Microsoft DNS server. A non-Microsoft DNS server
isn't sufficient. AD uses DNS in a proprietary way (gee, surprise). You
have to have a Windows DNS server running in your network if you want to
use AD. So unless you hand over all of your DNS resolution to Microsoft,
you have to figure out the best way to integrate a MS DNS server in with your
existing DNS servers.

But the problem with "getting a book" might be that Windows Server, Active
Directory, MS DNS, Group Policies, etc. are each book-worthy topics in and
of themselves. You might consider setting up an isolated test environment
(virtualization is your friend) and starting with the basics. Install
Windows Server. Then figure out how to install and manage AD and its
prerequisite MS DNS. Then set up a virtualized Windows test workstation
and start hammering at Group Policies. Probably generally in that order.
Perhaps also MS DHCP server to support your virtual workstation and
testing. Eventually, you could even move on to WSUS to centrally manage
your operating system updates ("Windows Updates"). And more.

HTH,
Chad



______________________________
*Chad Neeper*
Senior Systems Engineer

*Level 9 Networks*
740-548-8070 (voice)
866-214-6607 (fax)

*Full IT/Computer consulting services -- Specialized in libraries and
schools*

On Tue, Mar 15, 2016 at 2:27 PM, Jordan Cooper <jcooper at myacpl.org> wrote:

> Hey, guys. I've worked some in Windows Server/AD environments, but never
> as the primary admin. I've been considering moving our systems to it as I
> work toward improving our networks and overall cohesive infrastructure. Do
> you have any recommendations on reading material or classes to brush up or
> can you give me ideas about how you've integrated it into your libraries?