AD domain at home, how complicated?

PsichoDM

Question for the IT minded among you. I have several machines at home, all of them with some particular use to me. I want to be able to have my own domain at home so that I can exactly set up accounts and permissions for everybody.

Basically I want to be able to share confidential information in my home network so that I can get access to it from all the machines (either documents or shared OneNote notebooks), and I don't want to rely exclusively on the password protection of my wireless router as my main line of defense against people joining the network. I'm vaguely familiar with the concept of workgroup, but I get the impression that it's nowhere near as controllable as an Active Directory domain.

I can get hold of server 2008 or server 2008 R2 no problem, but I'm more worried about how complicated the process of creating and managing a domain is. Does anybody have experience with it that they could share?
 
I set up and run AD at work and there is no way I want/need that level of control at home. Not to mention having to set it all up. Home OSes are designed to work well in a home so why not let them?

Windows 7 Homegroups with strong passwords are more than enough for me.

Just something to think about.
 
Sucks that they haven't released a patch for Vista machines that might want to use this HomeGroup technology.
 
It is NOT that difficult at all. Especially for your use.

I had one set up, just my own lil play lab. Granted, the only machines joined to it were VMs.

I got it set up and running in 1 afternoon.

Being personal-use and having the router, you don't really need to worry about DHCP, setting up GPOs, creating multiple OUs, etc etc.

And maintaining it? Not much to maintain when there isn't much change :p
 
I set up and run AD at work and there is no way I want/need that level of control at home.

That level of control is exactly why I plan on implementing a domain at my house, I'm still in the cable process right now.

I don't know about most people, but I like to maintain good security over even my home data and computers. And it's much easier to manage, and not difficult to set up
 
I don't know about most people, but I like to maintain good security over even my home data and computers. And it's much easier to manage, and not difficult to set up

First, to answer your question, it's really pretty easy. I have 2 Server 2003 Enterprise domain controllers running on 2 OptiPlex GX270 SFF PCs. Those PCs have 40 GB HDs and 512 of RAM and they run exceptionally well for just AD and AD-integrated DNS. The one thing you need to determine is if you have OSes that will be compatible with joining up to a domain.

OK, second. I agree with you that I like to maintain good security over multiple computers in my home, but I don't need a domain to do it. The only reason I have a domain is for a single point of authentication in my lab. I have enough VMs in my lab to justify it. As for my regular home network, they all belong to the same workgroup and have security turned on so that each user needs to authenticate against the share they are trying to access, and the most appropriate users are set up on each machine. You could spend not even 1/2 a day getting this set up and still achieve the same results.

Personally I think you're going to take something so simple and complicate it in the name of security.
 
AD at your house is definitely excessive. However, if you plan on using something like an intranet web server, or something like SharePoint at your house as well, it becomes more important. As to your question, it is not difficult to set up at all. You will need a dedicated machine that preferably never shuts off, and of course meets Server 2008 specs. And using wireless on Server is a little bit of a hassle, so you'll want that wired for sure.
 
Personally I think you're going to take something so simple and complicate it in the name of security.

I work on domains day in and day out, they are simple to me, workgroups are what is a pain in the ass, for me anyway. I hate workgroups with a passion, I would rather manage everything from 1 point than from every computer in my place
 
I work on domains day in and day out, they are simple to me, workgroups are what is a pain in the ass, for me anyway. I hate workgroups with a passion, I would rather manage everything from 1 point than from every computer in my place

I work on domains day in and day out too. Yes, they are simple and yes, they work. If you don't like workgroups, hey, I understand.
 
I don't think you need a domain. Can you? Yes. If you think the experience would be needed in the future, then by all means do it. Otherwise, if all you are doing is a central file share, there are way simpler ways of doing it securely.
 
I really wish that Windows Home Server v2 adds an AD lite type feature. I would love to have "family" type GPOs that can be configured from the home server as well as the ability to do roaming profiles / folder redirection without having to manually set up the redirects. Also, in my house I have several PCs throughout the house and it would be nice to be able to log into them and have the roaming profile follow the user.
 
), and I don't want to rely exclusively on the password protection of my wireless router as

So make sure you have passwords on each Windows computer and not just share something to everyone.

I think it is overkill for what you want and you don't need it.

Loki008, that would be awesome, your kids or you can use any computer in the house, log in and be done with it, get all your stuff right there!
 
It's really not that hard. I'd recommend building a machine for Hyper-V (server or the role) or ESXi, so you can have a few different servers running.

If this is new to you, be ready to set up your domain a few times. How enjoyable it is depends on your type of geek. If you're a network/server geek like me, you'll love it. If you're a gaming or overclocking or case modding type geek, maybe not.
 
It is as complicated as you want to make it. If you just want to use accounts valid on your whole network, it only takes about 15 minutes to set up.

You can make it as complicated as you want.
 
For what you want (just roaming profiles basically) it should be a snap to set up, though it isn't worth wasting a whole server on. I'd take lizardking's advice about virtualization.
 
I set one up for just RIS (win2k install onto a machine without a ODD!). It took me a while + an online guide, but I did it.

Now, our HTPC (which streams to an Xbox) is an Active Directory/DHCP win2003 server.
 
I don't do this because I have work laptops and getting them onto a home domain when they already are members of the work domain can be a headache.

I've noticed that Homegroups and Domains play nicely together; a single client can be part of an AD domain at work, and part of a homegroup at home.
 
I don't do this because I have work laptops and getting them onto a home domain when they already are members of the work domain can be a headache.

I've noticed that Homegroups and Domains play nicely together; a single client can be part of an AD domain at work, and part of a homegroup at home.

It's not that hard. I have nondomain users authenticate to our work AD for printing using standard RPC/net use commands. They run PaperCut for print accounting from a network share. I have a little GUI scripted up that automates the whole process. I also connect to my home AD from my work machine, joined to the work AD via an IP-based VPN tunnel.

It's not as easy as being in the domain or a trusted domain, but it's not that hard to get them to play nice. Of course, if your work laptop is super locked down, then that's the problem.
 