Imported users from domain controller

Status
Not open for further replies.

Borja

Contributor
Joined
Oct 20, 2015
Messages
120
Hi,

I would like to know if users imported from a win2k3 domain controller can survive if the domain controller machine goes down. What I want to know is whether data could be accessed with user and password authentication. We are planning to update the server because Win Server 2k3 is unsupported now, and this is just in case a problem arises.

Thanks.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
No. Image your DC before trying to upgrade. BTW, permissions on your FreeNAS server will be the least of your worries if you screw up your only DC. :D

Make sure you have the local admin password on all domain-joined machines. Otherwise you'll lock yourself out. With FreeNAS at least you can authenticate with your root user.

Honestly, you should be virtualizing your DCs and have two of them on your network. If you do otherwise, you are playing with fire.
 

Borja

Thank you very much for helping. I don't have experience in Windows administration. What software do you recommend for imaging the DC?
We are doing periodic images with Symantec. The thing is, we can endure a temporary fall of the DC because it is not a very large network, but we need full-time access to data. If the DC goes down, I would really like a user to be able to plug a laptop into the local network, enter credentials and read his data.

In other words, I want to decentralize critical systems.

Thanks!
 

anodos

That's not possible unless your users have local accounts on the FreeNAS server, which defeats the purpose of having AD in the first place.

Add a second DC. Then you have automatic failover of DNS and authentication if one DC goes down.
 

Borja

Is there a way to link a FreeNAS account to a DC Windows account? A local Samba account linked with the DC account. I thought that if you have a Samba account with the same credentials as the Windows account, you can log in without entering user and password....
 

anodos

No. That would require Samba to be a domain controller.

It's better to just add a second Windows DC to your domain. Each Windows Server 2012R2 license allows you to install 2 VMs (on the same hardware) or 1 physical install and 1 Hyper-V VM. There are basically 4 Windows roles you want on any Windows network (2 domain controllers, a Windows deployment server, and a WSUS server). I typically will use the 2 Windows licenses on separate servers that host VMs. Each VM server gets a DC, and I put WSUS and WDS on the same VM instance. The last Windows server instance I use for site-specific stuff (like QuickBooks data server, etc).

If you lack hardware for installing a second DC, you can run a DC in a VirtualBox jail on your FreeNAS install. It is not a resource-intensive role (1GB RAM, and 1 processor should be enough). I did this for about a year. Just do yourself a favor and grant your non-VirtualBox DC FSMO roles / make it global catalog server.

Actually, let's take a step back.

Is your FreeNAS server configured as an AD "member server"? I.e., if you type "wbinfo -u", do you see a list of your users?
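
The two checks raised in the reply above, as an added example that is not part of the original thread: it confirms the member-server view with `wbinfo` and counts the domain controllers advertised in DNS, since a single DC means no authentication failover. The domain `example.test`, the sample DNS answer and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the distinct DC hostnames found in `host -t SRV` output on stdin.
list_dcs() {
    awk '/has SRV record/ { h = tolower($NF); sub(/\.$/, "", h); print h }' | sort -u
}

# Classify redundancy from a DC count: with one DC there is no failover.
dc_redundancy() {
    case "$1" in
        0) echo "none" ;;
        1) echo "single" ;;
        *) echo "redundant" ;;
    esac
}

# Constructed sample DNS answer: two DCs, one of them listed twice.
SAMPLE_SRV='_ldap._tcp.dc._msdcs.example.test has SRV record 0 100 389 dc1.example.test.
_ldap._tcp.dc._msdcs.example.test has SRV record 0 100 389 DC2.example.test.
_ldap._tcp.dc._msdcs.example.test has SRV record 0 100 389 dc1.example.test.'

# Live check; only meaningful on a host that is joined to the domain.
check_member() {
    domain="$1"
    command -v wbinfo >/dev/null 2>&1 || { echo "wbinfo not installed"; return 2; }
    # wbinfo -t verifies the machine account trust secret against a DC.
    wbinfo -t >/dev/null 2>&1 || { echo "trust secret check failed"; return 1; }
    # wbinfo -u lists domain users as seen through winbind.
    users=$(wbinfo -u 2>/dev/null | wc -l | tr -d ' ')
    n=$(host -t SRV "_ldap._tcp.dc._msdcs.$domain" 2>/dev/null | list_dcs | wc -l | tr -d ' ')
    echo "domain users visible: $users; DCs in DNS: $n ($(dc_redundancy "$n"))"
}

# Pass a real domain as $1 for the live check; otherwise use the sample.
if [ -n "${1:-}" ]; then
    check_member "$1"
else
    n=$(printf '%s\n' "$SAMPLE_SRV" | list_dcs | wc -l | tr -d ' ')
    echo "sample: $n DCs ($(dc_redundancy "$n"))"
fi
```
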
 

Borja

We are building our first FreeNAS NAS now :) It is not ready now. We have a DC (w2k3) and a win2k8 server to migrate the DC to.
 