Yeah, yeah, I know I’m currently running a series of posts on my trials and tribulations getting a new Windows domain controller up and running. So why am I writing the first of what will probably be many columns about deep-sixing the domain completely? As you will see, I am beginning to question whether I need the domain, and the costs to my time and sanity are beginning to outweigh the benefits.
How did I get here?
I’ve been running a Windows domain for more than 25 years. When it was at its most essential, it was hosting:
- Web servers
- Exchange server
- File servers
- DHCP
- DNS
- NTP proxy server
- Printer sharing
- Roving login
- Centralized Matlab licensing
- Central security administration
Over time, the web hosting and Exchange server migrated to the cloud. The file servers are now Synology boxes. Yes, they’re joined to the domain, but they don’t need to be.
So now the domain is giving me:
- DHCP
- DNS
- NTP proxy server
- Printer sharing
- Roving login
- Centralized Matlab licensing
- Central security administration
I sure don’t need two servers to get DHCP; there are DHCP servers in my firewall and all my Synology NAS boxes, turned off for now, but available. It’s not clear that, in the absence of a domain, I even need local DNS, but if I did I’m sure I could find a lightweight way to run it. I can probably call up Mathworks and get a different licensing arrangement for Matlab. I can share printers with a Windows workgroup. I’m pretty sure I can use cloud NTP servers directly. Now we’re down to:
- Roving login
- Central security administration
I think I’m willing to forgo those.
During those 25 years, Windows Server has gotten more and more secure, feature-rich, and complicated. (Remember the first rule of security: it always introduces inconvenience.) Looking at Windows Server 2016, I can see that it’s not going to be a piece of cake to get it running as the GC in a domain that has one WS 2008R2 and one WS 2012 domain controller. And Windows Server 2019 will probably be even more complicated and unwieldy.
If I’m going to extricate myself from running a domain, I need to deal with the following:
- Rehost DHCP
- Convert domain workstations to workgroup members, while retaining installed programs, documents, favorites, desktops, etc.
- Reconfigure machines with static IP settings
- Release and re-acquire DHCP leases for all DHCP clients
And I need to do all that while the network is running, without any major degradation in service.
The next post will discuss some of the possibilities that have occurred to me.