Benefits of migrating Workgroup to Active Directory domain

During making decisions about company's infrastructure decision-makers face the problem of
managing users and equipment located in various locations. Users possess different knowledge
about IT things, mainly adapted to their workplace environment. Software, hardware, operating
systems, sometimes means nothing for them. Employees are part of departments that can work
together or on the contrary - they should not be part of the team. To prevail on this diversity and to
ensure an adequate level of security, Microsoft introduced Active Directory, which catalogs users
data, computers, peripherals and allows for easier and automated management.
There are many companies which started their work on one or few computers, grew slowly and
suddenly bloomed to be businesses with hundreds of users. On the other hand the IT environment
was not changed accordingly to company needs. Computers was still the part of working group,
being really just a collection of independent units. This made it difficult to manage them as a
resources. In this article, I will present the differences between the working group and the Active
Directory domain and the advantages of the latter solution.

What the Workgroup is?

This is a group of computers, which are working independently in the company, but can share some
elements, like documents. They could work in the same physical network or in the other company's
location. They are not managed centrally.

How the Workgroup works?

Typically, the company begins operations on several computers, which are not interrelated. Over
time, their number is growing. They have different hardware and software configurations. Each user
can do all on its own computer or administrator locks a person access to install programs on that
particular computer.

Sharing in the workgroup

To share files or printers from another computer or server, you as an administrator or user
must know the exact name of the other computer and its user

Sharing on the principles of group of users is very difficult and often impossible

If the user changes his computer, sharing must be set once again from the scratch

Benefits of the workgroup

Having only several computers, it's relatively easy to administer. Microsoft talks about the
safe limit of 10 computers for the workgroup.

Workgroup does not require installation of additional hardware (server) and software
(Windows Server) and has low maintenance costs

Disadvantages of the workgroup

Lack of central management and control over permissions which users possess

Any changes need to be made on each of the machines

No possibility of tracking the actions of users

Possibility of spreading of viruses when administrative privileges was granted on the

computer

Lack of automation of processes, e.g. Remote software installation

Lack of users mobility - documents stored on a single computer are not available to others
without sharing, in case of computer crashes - they are lost

No possibility of blocking and tracing a person who stole the data

Obtaining data about other user is very limited, you cannot easily check his or her e-mail
address or telephone number

The workgroup - more computers and users. What happens when a

company already has dozens of computers in a workgroup?

Any change is made only on one computer at the same time - this means large
administrative effort and time needed to change settings for a large number of machines =
higher costs

Problems with security, for example no control over changing user passwords = low
corporate data security

Difficult access to other computers by the same user - lack of central control over privileges

What the Active Directory is?

Active Directory is the first enterprise-class directory service that is scalable, built from the
ground up using Internet-standard technologies, and fully integrated with the operating
system.

Windows Server operating system service,

The central database of objects - computers, users, groups, logon credentials, printers,
network shares (shared folders with files),

The database can be replicated to branches in other locations using encrypted network
connections,

It can be used to integrate with external systems in other businesses that rely on Active
Directory, for example. SQL databases, file servers, mail servers, CRM systems, WEB
servers,

It integrates with Exchange mail services and Exchange Online. For example you can use it
to create an account that will be synchronized with the mail server,

Groups objects for one common domain.

Active Directory domain

All Computers share the same naming space called domain. A domain can be local one,
acting only inside the company-internally, with the example name company.internal and
recognizable from the Internet, for example. company.com

Each computer within the same domain will have domain name in the same namespace

Active Directory domain structure

Active Directory has a tree structure with permissions flow down from the top to the bottom of
the tree

Thanks to this structure, permissions assigned on a higher level will be applied at a lower
level,

This access is of course adjustable, you can also stop inheriting permissions,

The domain is the inheritance border

In the Active Directory database it can be only one domain

In can be used multiple domains within the same forest,

Forests can connect with each other to create the trusts.

Active Directory domain in the forest

The administrator manages the domain, creates policies that govern the operation of computers,
servers and printers, and control the permissions of computers, users, and groups.
Advantage: Centralized management of infrastructure allows you to automate processes and setting
sets of standard actions by applying domain policies.

Trusts between Active Directory forests

Trusts between domain forests can create one-way and two-way relationships, depending on which
forest
should
have
access
to
the
resources
of
the
second
one.
Advantage: You can use other company's data if the company has also implemented Active
Directory.

Tree structure of the Active Directory forest:

allows for central configuration of the most important settings through the policy, ie. Windows
settings, security level, access to the servers and computers,

allows the distribution of permissions by assigning the objects of computers, users, and
groups to separate organizational units and groups,

enables remote installation on selected devices,

Inherited permissions allow the use of once prepared configuration for new objects,

by grouping objects in organizational units each department or business unit can use specific
settings only for itself

Trust between Active Directory forests

Examples of Active Directory use:

change logon password for group of users,

blocking access for fired person,

Automatically assigns a network printer for a selected group of users, eg. sales,

set Windows firewall settings centrally for the whole company or each department
separately,

Access to a shared folder on your network by mapping for a group of people, for example.
Drive F: \ for the finance department,

roaming profiles - user data kept on the server that follow the user regardless of the
computer,

VPN - access from outside the company to file resources granted under the user name,

Documents and Desktop folder redirection - keeping user data on the server. Files from the
desktop and documents folders can be kept on the server and connected to the user's
session automatically when he or she logs in to computer,

automatic installation of the software,

using Active Directory credentials in other systems based on AD authentication, for example.
SQL Server, CRM applications, file systems,,

block access to USB devices,

tracking attempts of unauthorized access,

centralized management of the Windows operating system updates,

adaptation of Internet Explorer, for example adding selected sites to the trusted zone,

one login - use the same Windows login to view e-mail in Outlook,

regulate access to the corporate network computers - allowing or blocking based on rules
such. computers without current anti-virus updates should not be able to connect.

Migration of workgroup to Active Directory domain - general

requirements:

installation of the server with Windows Server operating system and promote it to a domain
controller

users computers with one of the operating systems: Windows XP Professional, Windows
Vista Business, Windows 7 Professional, Windows8, Windows 8.1,

add computers to the domain,

create domain user accounts,

migrate user profiles from the local workgroup to the domain on all computers added to the
domain.

Benefits of Active Directory Service

Simplifies management

Administrators have a single point of management for user accounts, clients, servers
and applications

Administrators can delegate specific administrative privileges and tasks to individual

users and groups to make better use of system administration resources

Strengthens security

It supports a number of authentication mechanisms used to prove identity upon logon

to Windows 2000

It support a fully integrated public key infrastructure and Internet secure protocols to
let organizations securely extend selected directory information beyond their firewall
to Extranet users and e-commerce customers

Extends interoperatbility

Expose all of the Windows 2000 directory features through standards-based

interfaces.

It provides a development platform for directory-enabled applications.

More efficient usage of resources

Centralized security control and shared logon information saves the trouble of
creating security-admin functions of each specific system

Users are exempted of the headache of maintaining multiple security information

within a single domain

Summary

Directory Services are essential to daily life in a networked world

Personal information that is needed for the running of any organization is being kept in many
separate systems

Centralized directory services can improve productivity and increase security while reducing
management overhead

The implementation of Active Directory has many advantages compared to the use of the
workgroup. Thanks to the AD domain, the company can more accurately and securely manage its IT
environment, adjust the operational requirements, plan and make changes to a much greater pace.