Announcement

Collapse
No announcement yet.

Is possible remove Domain Controller in a organization?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is possible remove Domain Controller in a organization?

    Hi all!
    I have a issue for you.
    Is possible remove the Domain Controller and Active Directory in an organization?
    I probably know the answer but I'd like to discuss with you about the possiblity to use another kind of access control, identity control, password management and so on instead of domain and Active Directory inside an organization. Now we have one domain, 2 child domain and one trust domain. So ...a lot of people , a lot of server managed and a lot of services and ACL and policies....
    But..Does something exists like a sobstitute of the domain to manage the same level of security and granularity and services?

    What do you think about it?
    In my company there is the desire to eliminate the domain and AD cause they thing there are a lot of problems with it and I like to give them very strong reasons to change idea

    Thanks everybody!!!
    Frabit

  • #2
    Re: Is possible remove Domain Controller in a organization?

    There are alternative Directory Services (e.g. Novell) but all have similar management requirements to AD.

    WHat are the problems you are having? They will need to be resolved regardless of what you do.
    Also how many users/computers

    Basically, AD (when properly configured) is the easiest management solution, so IMHO fix what is wrong with AD
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Is possible remove Domain Controller in a organization?

      Hi Ossian,

      I agree with you.

      But not my manager and so I want to demonstrate the role of AD and its pro's.
      We manage about 3600 users more trust domains. We manage hundreds of servers and the complexity of a large infrastructure.
      Now we want to became a private cloud provider for our users....and someone told them about the limitations introduced by AD in term of integration with other systems and flexibility....

      I know that all the problems we can have could be caused of an older version (still 2003) and a wrong management ...we have zombie configuration and old entries....

      Now We have some problems with dns, with integration with storage gateway , SSO, but probably the same problems will exist also with another DS...

      Do you know what kind of Directory Services is used by cloud provider?

      Thanks
      Frabit

      Comment


      • #4
        Re: Is possible remove Domain Controller in a organization?

        Just from the read of your initial post. It sound like they are asking for trouble to demote the AD infrastructure.
        Since your enviornment is so large, I DO AGREED with Ossian, the problem need to be fixed with the current setup if they think there is a problem. Start to figure out what is the problem and what might caused the problem and go from there.

        I see a few major issues when they are demote the AD:
        1. The down time
        2. Users network resource access that using AD permission
        3. Integrated Application access using AD(i.e, applicationg using SQL integrated with AD etc..)
        4. Disaster..

        I think this is a costly project and if poor planing, you might asking for a disaster during the migration...

        They really need to pinpoint the issue and fix it instead of trying to run away from the issue.

        H.N

        Comment


        • #5
          Re: Is possible remove Domain Controller in a organization?

          There will be problems with any directory service that is used. Active Directory is by far the most prominent of its kind, meaning it's likely you'll never run into a problem that hasn't been experienced by someone else, meaning you're far more likely to find a solution.

          I can't imagine trying to remove AD from that setup and institute something else, and not causing more problems than you're trying to solve.

          Comment


          • #6
            Re: Is possible remove Domain Controller in a organization?

            I generally don't comment on forums but I enjoy reading them. However, I just couldn't resist on this post. As you know, AD is the foundation of your environment. I can't imagine being responsible for a project to completely remove it. If your manager insists, I would send him/her an email strongly advising against it and tuck a copy of that away for safe keeping. Regardless, good luck.

            Comment


            • #7
              Re: Is possible remove Domain Controller in a organization?

              Does your organisation use exchange server??

              Comment

              Working...
              X