ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    domain controller in the cloud for small office?

    Scheduled Pinned Locked Moved IT Discussion
    120 Posts 17 Posters 13.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @Dashrender
      last edited by

      @dashrender said in domain controller in the cloud for small office?:

      @scottalanmiller said in domain controller in the cloud for small office?:

      @mike-davis said in domain controller in the cloud for small office?:

      Has any one tested Azure AD to share a folder from one computer to another? Does it integrate all the accounts in AD, or only the one you set up on that particular Win 10 box?

      It does not work for sharing. Just use a local account for that. The free version is very basic, sadly.

      Maybe I misunderstood what he was asking.

      I read it to be - I have a Win10 machine joined to Azure AD - can I create a share on that Win10 machine and other Azure AD users can use their creds to access the share on my Windows 10 machine?

      That's how I read it, too.

      1 Reply Last reply Reply Quote 0
      • Mike DavisM
        Mike Davis @Dashrender
        last edited by

        @dashrender said in domain controller in the cloud for small office?:

        I read it to be - I have a Win10 machine joined to Azure AD - can I create a share on that Win10 machine and other Azure AD users can use their creds to access the share on my Windows 10 machine?

        yes, exactly this. That way with Azure I can set a password change policy, and when they do change their password, they can still access the share on the Windows 10 machine.

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Mike Davis
          last edited by

          @mike-davis said in domain controller in the cloud for small office?:

          @dashrender said in domain controller in the cloud for small office?:

          I read it to be - I have a Win10 machine joined to Azure AD - can I create a share on that Win10 machine and other Azure AD users can use their creds to access the share on my Windows 10 machine?

          yes, exactly this. That way with Azure I can set a password change policy, and when they do change their password, they can still access the share on the Windows 10 machine.

          That part would work, it's just that they'd need to use different creds always.

          1 Reply Last reply Reply Quote 0
          • black3dynamiteB
            black3dynamite @scottalanmiller
            last edited by

            @scottalanmiller said in domain controller in the cloud for small office?:

            I'm often a proponent of lowering school IT budgets, the overspend that they do is absurd - to the point that the extra money often causes more issues that it solves.

            Have you ever heard or seen schools using Ubiquiti and PBX instead of Cisco to help with lowering the cost?

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @black3dynamite
              last edited by

              @black3dynamite said in domain controller in the cloud for small office?:

              @scottalanmiller said in domain controller in the cloud for small office?:

              I'm often a proponent of lowering school IT budgets, the overspend that they do is absurd - to the point that the extra money often causes more issues that it solves.

              Have you ever heard or seen schools using Ubiquiti and PBX instead of Cisco to help with lowering the cost?

              Have I, yes. Because I've worked in schools and done that. Very few do, though, and I consider it outright corruption. Funneling money to consultancies and big businesses using schools as ways to force tax payers to prop up big companies even when their products have no value to the schools.

              1 Reply Last reply Reply Quote 1
              • DashrenderD
                Dashrender @Dashrender
                last edited by

                @dashrender said in domain controller in the cloud for small office?:

                @mike-davis said in domain controller in the cloud for small office?:

                At this point I don't know if they have any Windows 7 clients, so it may be a moot point.

                I do know that they have QuickBooks - I know - I know. So I have to share QuickBooks from one computer.

                Has any one tested Azure AD to share a folder from one computer to another? Does it integrate all the accounts in AD, or only the one you set up on that particular Win 10 box?

                Good question, let me try that. I'll be back in an hour or so.

                Ug conference call, can't test this yet.

                1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @Dashrender
                  last edited by

                  @dashrender said in domain controller in the cloud for small office?:

                  @mike-davis said in domain controller in the cloud for small office?:

                  At this point I don't know if they have any Windows 7 clients, so it may be a moot point.

                  I do know that they have QuickBooks - I know - I know. So I have to share QuickBooks from one computer.

                  Has any one tested Azure AD to share a folder from one computer to another? Does it integrate all the accounts in AD, or only the one you set up on that particular Win 10 box?

                  Good question, let me try that. I'll be back in an hour or so.

                  Sadly, I could find no way in about 10 mins of googling, etc to add AzureAD credentials to a share/file permisssions to make this work.

                  As Scott said earlier, you'll have to create local a local account, then use that cred to make the sharing work.

                  scottalanmillerS Mike DavisM 2 Replies Last reply Reply Quote 1
                  • scottalanmillerS
                    scottalanmiller @Dashrender
                    last edited by

                    @dashrender said in domain controller in the cloud for small office?:

                    @dashrender said in domain controller in the cloud for small office?:

                    @mike-davis said in domain controller in the cloud for small office?:

                    At this point I don't know if they have any Windows 7 clients, so it may be a moot point.

                    I do know that they have QuickBooks - I know - I know. So I have to share QuickBooks from one computer.

                    Has any one tested Azure AD to share a folder from one computer to another? Does it integrate all the accounts in AD, or only the one you set up on that particular Win 10 box?

                    Good question, let me try that. I'll be back in an hour or so.

                    Sadly, I could find no way in about 10 mins of googling, etc to add AzureAD credentials to a share/file permisssions to make this work.

                    As Scott said earlier, you'll have to create local a local account, then use that cred to make the sharing work.

                    You can't, I already said that you can't. We spoke to MS about it a few weeks ago.

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • Mike DavisM
                      Mike Davis @Dashrender
                      last edited by

                      @dashrender said in domain controller in the cloud for small office?:

                      Sadly, I could find no way in about 10 mins of googling, etc to add AzureAD credentials to a share/file permisssions to make this work.

                      Thanks for giving it a rip.

                      1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @scottalanmiller
                        last edited by

                        @scottalanmiller said in domain controller in the cloud for small office?:

                        @dashrender said in domain controller in the cloud for small office?:

                        @dashrender said in domain controller in the cloud for small office?:

                        @mike-davis said in domain controller in the cloud for small office?:

                        At this point I don't know if they have any Windows 7 clients, so it may be a moot point.

                        I do know that they have QuickBooks - I know - I know. So I have to share QuickBooks from one computer.

                        Has any one tested Azure AD to share a folder from one computer to another? Does it integrate all the accounts in AD, or only the one you set up on that particular Win 10 box?

                        Good question, let me try that. I'll be back in an hour or so.

                        Sadly, I could find no way in about 10 mins of googling, etc to add AzureAD credentials to a share/file permisssions to make this work.

                        As Scott said earlier, you'll have to create local a local account, then use that cred to make the sharing work.

                        You can't, I already said that you can't. We spoke to MS about it a few weeks ago.

                        Yep you did, but you weren't verbose about it, thanks for the additional information.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller
                          last edited by

                          It's pretty dumb, I think, that they make their own authentication work so badly. Just encourages competition.

                          1 Reply Last reply Reply Quote 1
                          • bigbearB
                            bigbear
                            last edited by

                            I spent a lot of time going in a circle on this earlier in the year. Basically, Scott was right... Azure AD doesnt do what you want. I spent a lot of time showing Scott he was wrong, spinning up Azure Domain Services, but it ended up Scott was still right and it was just a managed cloud instance of AD. For small business starting at $90 didnt make sense.

                            1 Reply Last reply Reply Quote 3
                            • ObsolesceO
                              Obsolesce
                              last edited by Obsolesce

                              There's a difference between Azure AD and running a DC on a VPS.

                              Azure AD doesn't use Kerberos or NTLM and is meant to work with web-based services such as O365 and salesforce using SSO.

                              WinServer AD isn't meant to work with online services, although there are ways and through federation.

                              They are different and it's important to know where they fit in.

                              scottalanmillerS bigbearB 2 Replies Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Obsolesce
                                last edited by

                                @tim_g said in domain controller in the cloud for small office?:

                                There's a difference between Azure AD and running a DC on a VPS.

                                Azure AD doesn't use Kerberos or NTLM ...

                                For those wondering, it uses SAML.

                                ObsolesceO 1 Reply Last reply Reply Quote 1
                                • ObsolesceO
                                  Obsolesce @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in domain controller in the cloud for small office?:

                                  @tim_g said in domain controller in the cloud for small office?:

                                  There's a difference between Azure AD and running a DC on a VPS.

                                  Azure AD doesn't use Kerberos or NTLM ...

                                  For those wondering, it uses SAML.

                                  AND OAuth 2.0.

                                  1 Reply Last reply Reply Quote 0
                                  • bigbearB
                                    bigbear @Obsolesce
                                    last edited by

                                    @tim_g said in domain controller in the cloud for small office?:

                                    There's a difference between Azure AD and running a DC on a VPS.

                                    Azure AD doesn't use Kerberos or NTLM and is meant to work with web-based services such as O365 and salesforce using SSO.

                                    WinServer AD isn't meant to work with online services, although there are ways and through federation.

                                    They are different and it's important to know where they fit in.

                                    In the beginning Azure AD looked like a web service to replace ADAM (I think it was called) but it definitely evolved beyond that with Windows login support.

                                    I remember feeling very clever when I discovered Azure Domain Services, I men's it works great with servers on Azure. When I discovered the base charge was $90/month I was pretty much done with Azure for small business ideas

                                    1 Reply Last reply Reply Quote 0
                                    • stacksofplatesS
                                      stacksofplates @PenguinWrangler
                                      last edited by

                                      @penguinwrangler said in domain controller in the cloud for small office?:

                                      My friend who is a tech director for my kids school is having his budget slashed by a superintendent who doesn't think that much of technology. About 750 kids in the district (rural area) he has about 400-500 machines to manage. His budget is $20,000 for the year. So we are moving him to all open source. Moving from Novell eDirectory to a Samba 4 domain. Doing anything and everything to save him money.

                                      Identity Management (FreeIPA) would be great if you want to expose the kids to Linux.

                                      One of the easiest things I’ve ever set up.

                                      1 Reply Last reply Reply Quote 4
                                      • larsen161L
                                        larsen161 @Mike Davis
                                        last edited by larsen161

                                        @mike-davis do you have an hhs.gov or gpo.gov link to where it mentions the requirement for passwords to be changed?

                                        How do you create a password change policy that gets enforced without a domain controller?

                                        Mike DavisM 1 Reply Last reply Reply Quote 0
                                        • larsen161L
                                          larsen161
                                          last edited by

                                          From what I have ever seen there is no mention of the requirement of invalidating passwords after any period of time. I have seen the following mention about passwords but this is all. Requiring users to change passwords is generally bad practice. Only change them when a security incident is suspected or known.

                                          45 CFR Subtitle A §164.308 (D) Password management (Addressable). Procedures for creating, changing, and safeguarding passwords.

                                          1 Reply Last reply Reply Quote 0
                                          • larsen161L
                                            larsen161
                                            last edited by

                                            For 8 computers use a cloud based LDAP like JumpCloud. It's free for <10 users but as many computers as you have. You install the agent which can then push a standard user profiles to the machines. Passwords of the user are managed in JumpCloud for the devices. It also has a RADIUS service for quick deployment to APs.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 1 / 6
                                            • First post
                                              Last post