Migrating a Peer to Peer network to Server based network

dadtech · 2023-12-07T16:37:23.000Z

I have not found many results to assist me with this task using Google Fu so I figured I would reach out to you all.

I have a 150 seat CAT6 backboned peer to peer network right now using Buffalo NAS for triple redundancy, our CEO wanted it this way for ease of understanding how it works. We recently moved to some endpoint management software but I believe they are finally coming around to moving to a server based network. I haven’t worked with a server based network or active directory in 10 years and even then I worked on already established servers never a new deployment.

Can someone point me in the right direction for what it would take to move all these seats to a server? Recommendations for equipment?

Thanks in advance

kevinhsieh · 2023-12-07T17:39:00.000Z

If you don’t already have Active Directory, why start now? AD, and NT domains in general, is a many decades old concept that doesn’t necessarily carry over well to the modern world.

Many good size companies don’t have servers. The companies, often “born in the cloud”, use cloud file storage and modern endpoint management like Intune to do what AD group policies would be used for.

dadtech · 2023-12-07T17:49:41.000Z

Thanks for your insight. Cloud has been turned down many times, mainly because we live in a rural area and lose internet connection at least every other month for whole days sometimes.

I only mentioned AD because it was what was relevant the last time I was in the server game. I have also looked at RDS and VDI.

Essentially I am trying to gain more minutes in my day to not have to go around and touch a 150 computers when a license needs to be changed or eliminate the tickets for issues that are easily resolved with updates.

kevinhsieh · 2023-12-08T01:48:28.000Z

Maybe what you really need is a RMM tool, which should do a better job than Group Policy over making changes to your machines.

noitforyou · 2023-12-08T13:36:59.000Z

How can you have a business with 150 endpoints and exist with that kind of (lack of) Internet reliability??

If the business leaders are finally “coming around” perhaps it’s time to make a slightly larger leap to some other Internet connectivity (if available, of course) and go ahead and move to the cloud like Kevin is suggesting?

By the time you got a $erver in there and $pent the time to $et it and the network up you might be able to find/justify a better ISP and future-proof your network.

As to your actual question, what applications run in the network, what do you anticipate running on the server? Do you just want AD functions or do you have a back-end system or database (even Quickbooks, for example) that needs to be on the server?

And as to your 10 year gap in hands-on with AD, you could take this opportunity to advance your skills/knowledge with cloud technology - because that’s not going to do anything but become more and more prevalent.

randomparts · 2023-12-08T15:53:38.000Z

Does everyone already have an O365 account? That might make things easier. In my mind you need to have a domain and accounts for users before you start adding servers. If authentication isn’t centralized you’re going to have a mess on your hands, especially with 150 endpoints. I would first create a DC and everyone authenticates to that. Do you already have a domain that PC join to (online)?

mike-action1 · 2023-12-08T15:59:34.000Z

I agree a domain is not for everyone. In some cases it is actually counterproductive to even attempt it, especially for a mostly mobile and remote workforce.

Action1 could help you manage that network formally without the need for AD. While also getting it more streamlined, standardized, and secure.

Almost everything you would want to do with GPO can be done via tools like Action1 as well, since most of it is just specific polices set in the registry for instance. All detailed here very well. https://admx.help/ and most relatively trivial to push out with a powershell script.

If you would like to give Action1 a go, it is free forever for the first 100 endpoints, fully featured.

Action1 | Action1 Risk-based Patch Management – 19 May 21

Free Risk-based Patch Management Software | Action1

Patch, manage and access up to 100 endpoints remotely FREE of any charges, forever, with a free patch management solution from Action1. No strings attached.

You keep those 100 free if you buy more so in your case, you would get 150 endpoints for the price of 50.

If you do try it, and like it, and I can be of any assistance at all, just let me know.

brittadams · 2023-12-08T18:49:29.000Z

I know they are against cloud, but Entra ID (Formerly Azure AD) or something like Jumpcloud are the way to go. To spin up some servers for tens of thousands of dollars does not make a lot of sense. Put that money in better internet with reliability and failover.

bescott · 2023-12-08T19:13:27.000Z

Like how rural are we talking? My parents are out in the middle of nowhere and they managed to make a deal with a carrier that gives them fairly decent service (in exchange for using their antenna as a place to mount their hardware). Are there absolutely no alternatives for y’all?

rickcolarchik · 2023-12-08T21:26:24.000Z

I’m an old timer so AD services is familiar and difficult to get away from but talk to your local telco. I work for one. You will be far and away happier with better service and cloud RMM/MDM as your management and access solution if you don’t already have a domain built. You can even have separate ONTs on different public facing VLANs and a single failover router so if your ISP has one network drop for any reason or ONT optic fail, you aren’t down. (If you are in TX and AT&T / Verizon are your only options, I’m sorry/good luck) We are dragging new fiber to several of our smaller communities and customers along the route and we are in the middle of nowhere MT. If you do go down the Microsoft Domain way or not, PLEASE, get that NAS connected to a cloud cold storage offload. RAID in any situation is not infallible. Your Buffalo with modern firmware should have S3 and other provider offload built right in with very little cost involved. Lastly if you are “STUCK” with going to a domain to clean things up. I’ve never seen a cookie cutter service to build it for you. It needs to be something you analyze for yourself, determine what best practices you can make work and make a test environment first with 2 or 3 lucky / techy users. Whether you need it or not, have a second DC in a second routable but ACL isolated VLAN that you can capture the FMSO roles with if your primary DC goes down for some reason. Maybe enlist the services of a trustworthy local MSP service that can bridge the gap, give you some pointers, and then let you go back to Break/Fix after you are up and running.

graham36752820 · 2023-12-21T08:30:09.000Z

I was in a very similar situation back in 2010 as my company had never had any servers and I hadn’t seen one since the days of NT. We had multiple NAS’s too. Also (and until quite recently had really awful Internet with rural locations. Even though you are 10 years out you’d quickly pick it up, AD looks much the same.

To answer you question.

We had 5 offices at the time and have gone through various revisions in technical sophistication. I tend to favour Dell.

I would recommend you find a third party supplier to assist you.

Most basic: Physical server running DC, File, Print and backup server all in one. You can still connect up your NAS boxes as your primary storage and the DC will handle folder permissions.

Then we moved on to Hyper-V hosts, running 2 VMs (DC, File) and still acting as a backup server.

Then much the same with separate backup servers and more vm’s.

All this is relatively low cost.

Then to move all your PC’s to the server, you got to join them manually.