Implementation of Domain in non-Domain environment

Is there a guide or best practices for creating a domain and AD in a non-domain environment?
I am faced with a network of about 60 PCs and various devices that are on the network.
With the limited progress I have made within the courses, I foresee that I could have issues in how I remove PCs from the workgroup and add them to the domain. I am trying to get my head around how this is accomplished. Is this something that is done a couple of PCs at a time? I would think that this would be a problem, as the domain can’t talk to the remaining workgroup as the switchover takes place.
Does anyone have hands on experience with a situation like this?

Hi @CharlesCabral

Are all the Workstations in the same office/building? I haven’t come to an environment where there’s no domain controller but due to the number of PCs, I think that doing the domain join manually on them would be the best.

You can use PowerShell to join them remotely instead of visiting each machine to join the domain.

How to Add Computers to a Domain Using PowerShell

Ricardo

Hi Ricardo,

First I want to thank you for your feedback.

All workstations are between 2 buildings that are joined by fiber. Yes, we have never had a domain.

Getting the funding for a contractor to come in and implement a domain is not possible. But, we need one and they empower me to figure it out and list the hardware we need.

One aspect of the domain switchover is how do I get workgroup PCs into the domain? Can I incrementally do this? How will this affect the newly joined PCs’ ability to connect to network devices and shares that currently exist in the workgroup? I’m talking about the connections and network software that they run. For instance, we have an MIS system that they access with a browser. It is on premises. Do I join the domain with the server first? Won’t this render the remaining workgroup PCs unable to connect to the MIS if it is now on the domain?

I feel there is much more to a switch over that I’m going to discover as I go through this process.

Would you say that this is something that has to take place during downtime, say a weekend? Also, is it something that has to be completely finished before anyone can be brought back on the network?

I hope I make sense.

Thank You

Charlie

For a change like this one, maintenance over the weekend is suggested if possible.

You can start with deploying the domain and use a test workstation to join the domain and test all the access users have (if they access network shares, printers, network, etc.) before and after joining the domain. Testing first will be important and provide user training on how to do the things they do now in a domain environment. The more prepared and informed you have your users the better.

Authentication to applications might be something to consider since users will change from a local authentication to domain authentication. This might affect accessing shares, profiles and resources that they are accessing with their local accounts. At the network level, there should be no change but it depends on the IP subnet ranges (if not in the 169.X.X.X range right now).

With the MIS application, I believe their credentials won’t change since they might be hosted in the MIS application but worth checking.

Expect some unexpected behavior as users come back to the office on Monday to work, since that will affect their user productivity and user experience (new user credentials, how to access resources, etc.).

I have done an office “move” from one building to another and I remember having IT staff working on the move over the weekend and having them Monday to provide support due to a lot of ticket requests.

@CharlesCabral Great question! In addition to what @ricardo.p has already said I highly recommend that you go through our labs for building a Windows domain and at least get through the sections in module 2 where you are building the domain and joining computers.

Also, it might be worth migrating in waves. Do you need to do all the computers at once? What about doing 15 computers at a time? This way, if something is completely broken after the domain join, not everyone will be affected. As a side bonus, you’ll get better and better at the process with each wave.
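
The remote PowerShell join and the wave-by-wave approach suggested in the replies above, as an added example that is not part of the original posts: it joins one wave of workgroup PCs listed in a text file, skips machines that are offline, and writes a per-machine result log so failures can be retried or investigated before the next wave. The domain name `corp.example`, the file names, and the assumption that each PC accepts remote administration with a local administrator account are all placeholders for illustration; run it from Windows PowerShell 5.1.

```powershell
# Added example: join one wave of workgroup PCs to the new domain and log the outcome.
# Assumed values (not from the thread): corp.example, wave1.txt, wave1-results.csv.
$DomainName = 'corp.example'          # placeholder domain name
$WaveFile   = '.\wave1.txt'           # one computer name per line, e.g. 15 per wave
$ResultCsv  = '.\wave1-results.csv'   # outcome log for this wave

# Prompt for credentials at run time so no password is stored in the script.
$DomainCred = Get-Credential -Message 'Domain account allowed to join computers'
$LocalCred  = Get-Credential -Message 'Local administrator on the workgroup PCs'

$names = Get-Content -Path $WaveFile | Where-Object { $_.Trim() }

$results = foreach ($name in $names) {
    $pc  = $name.Trim()
    $row = [ordered]@{
        Computer = $pc
        Status   = ''
        Detail   = ''
        Time     = Get-Date -Format s
    }

    # Skip machines that are off or unreachable; retry them in a later wave.
    if (-not (Test-Connection -ComputerName $pc -Count 1 -Quiet)) {
        $row.Status = 'Unreachable'
        [pscustomobject]$row
        continue
    }

    try {
        # -LocalCredential authenticates to the workgroup PC,
        # -Credential authorizes the join on the domain side.
        Add-Computer -ComputerName $pc -LocalCredential $LocalCred `
                     -DomainName $DomainName -Credential $DomainCred `
                     -Restart -Force -ErrorAction Stop
        $row.Status = 'Joined'
    }
    catch {
        $row.Status = 'Failed'
        $row.Detail = $_.Exception.Message
    }
    [pscustomobject]$row
}

$results | Export-Csv -Path $ResultCsv -NoTypeInformation
$results | Group-Object -Property Status | Select-Object -Property Name, Count
```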

I would like to try something like that, a group at a time.
If I had to pull them back to the workgroup, could I do that?
Or would their local account and data be gone?

Once the workstations join the domain a new profile for the users will be created. It will be an empty profile but their local profile will be there local to the workstation. If the users use the domain credentials they will load the domain profile, if they use the local credentials to the workstation they will load the local profile. You might want to test these profiles in the test workstation.

You might not need to remove the workstations from the domain in case they want to use the local profile, but it is worth checking due to the resources they access.

You can try with groups as you said and as Paul suggested deploying in groups. Maybe start with the smaller group, one that wants to be or offer for the pilot roll-out.

Ricardo

Thanks Ricardo, that makes sense.

To set up a test domain and workstation, can I get demo licenses for creating a domain and test user?

Yes, you can get a 180-day trial when you download the ISO. Check Module 1, which explains how to download the software.