AzureAD implications on unifi and SQL server local

Morning folks,

Just having a think about my next move for my wife's small electrical company. As the husband and of course now designated IT guy for the company, I have been running their network and servers for 10+ years.

They have a humble setup now to be honest. They have M365 with Business Premium accounts, 4 desktop machines, a local Windows SQL Server, and a Synology file server that also acts as Domain, DNS and DHCP. It backs up to C2 and another dedicated Synology onsite. All of the infrastructure is Unifi, being switches, cameras, and a UDM-SE head end.

Their machines are struggling with DNS from time to time and it seems to be the implementation of the Synology Directory Service and DNS. They don’t really need a domain as such, so I'm reticent to install a full AD server again, and I’m wondering what the implications of moving to AzureAD and a cloud-based solution are for things like the SQL Server etc.

If I just moved DHCP and DNS to the Unifi console for example, added CNAMEs for the local SQL Server and file server, and used their 365 logins to sign in to the computers? Or is this just making way more issues for myself than necessary?

People's thoughts?

Take a look at Zentyal Developers edition, you would only need a mini-PC to run it for the size of the system you are using.

If you really like it, you can then consider paying them for the “system”.

I will say that setting up IP reservations in Zentyal 7 was a bit odd; I haven’t really looked at it in several years. I did run it in my lab for a while (again Zentyal 7) and I ran it on a mini-PC with an Intel J4125 and 8GB of RAM; it ran as well as Server 2022 runs on the same PC. I really should go back to it, but I’m labbing things that really are going to interface with Microsoft domains, so Server Evals are the choice for right now in my lab.

Recommendation for the latest Zentyal:

mini-PC with at least an Intel N150 and 16GB of RAM, a 4c/8t or better processor; AMD should be just as good. If you want to go all out, an Intel N355 or AMD 8c/16t processor would give lots of overhead. The 16GB will be fine for any case, and you can drop down to 8GB if money is an object (sometimes a $100 object). An N5105 should probably be able to do the job too; I have several of the Mele Quieter 3Q that, if you could get them for $100-$150, might be worth doing for this task.

I should also mention that you can buy the Zentyal Administrator exam book for $50; you might be able to find it cheaper used. It does say for Zentyal 7, not sure how much has changed, but not enough to write a new book??? I have the book, it’s a good resource to have.

I don’t agree with Zentyal. I tried it very recently and it was a really bad experience. Not to mention, if the environment is using 365, I don’t believe it can use any kind of sync tools to Azure. It is also lacking lots of features needed for newer versions of Windows 11.

With that said, I am all about pinching pennies everywhere I can, but if you are wanting to do this properly you might have to spend a little bit of money here in this situation, IMO.

What is missing from Zentyal for Win11? I haven’t tried joining any Win11 machine to a Zentyal (Samba) controlled domain yet, but it should be pretty similar to the Synology domain functions mentioned above.

The DNS and DHCP, the last time I used it, worked fine except for the mentioned oddity of making DHCP reservations for things you want at known IP addresses.

I don’t like this option, but I'm going to suggest it… There are places where you can buy “legitimate” client and server keys for really cheap. I see them being pushed by people on YouTube all over the place. I cannot push any one over the other; I think they are kind of shady, but a lot of people use them and claim no problems. A mini-PC and Server 2025, or even 2022, might solve your issues if the license is within your price range. For Server 2025 I would stick to the TPM 2.0 and Secure Boot options, same as Win11, just being safe on that front since the core is the same.

You could also go down the rabbit hole of building a small hypervisor system, and on, and on…

Zentyal does not use the latest Samba version, which leaves the forest level at 2008, which doesn’t have all the features of a forest level of 2016.

Yes, that is a problem, especially when you consider that 2025 introduces a new functional level. I’ll have to look into it before giving it another go.

Just looked it up, Zentyal 8 still has a functional level of 2008 which is too old now. Not sure if you can update the Samba component up to the most recent.

Looks like you really need a Windows server running, or roll your own with Linux.

@Greg_E @xMAXIMUSx Thanks as always for your input on this, really much appreciated. At least I learned something new; I had never heard of Zentyal before. It's interesting .. but not suitable in this instance.

I was really hoping to avoid migration to an on-prem AD/DC again, it's such a pain in the butt. I guess I could always hybrid join it to their M365 tenant and go that route. The SQL Server is a VM running on Hyper-V Datacenter edition, so spinning up a VM actually won't cost in licensing for the ADC, just overhead, and the server has 128GB of RAM so that should not be a problem there.

I'd love to say I was Linux savvy, but I really am not .. so Windows for the Win (if you can say that) …

Thanks again for all the input here.

For that amount of users, do you really need a domain controller? Just join the machines to Office 365.

It’s the SQL Server I’m bothered about, as it holds all their CRM and Sage data. I wouldn’t want to break things further than the issues they have already.

You need to find out how users are authenticated within SQL: it could be a local SQL account or an Active Directory user or group.

Are you running Sage CRM and Sage 200? If so, do you have support on these applications? If so, they should be able to help you in making any changes.
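One way to answer the question above before touching anything, as an added example that is not from any poster in this thread: a PowerShell script that connects to the SQL Server instance with your current Windows credentials and lists every login by type, so you can see which accounts are bound to the on-prem domain (and would need re-creating or re-mapping if the machines move to cloud-only sign-in) and which are SQL logins or local accounts that survive such a change. The instance name `SQLSRV01` is a placeholder, and the script assumes the account running it has `VIEW ANY DEFINITION` (or sysadmin) on the instance.

```powershell
# Added example, not from the thread: inventory how logins on a SQL Server
# instance are authenticated. Assumes the current Windows account can reach
# the instance over TCP and has VIEW ANY DEFINITION or sysadmin.
$SqlHost  = 'SQLSRV01'                      # placeholder host name
$Instance = $SqlHost                        # use "$SqlHost\INSTANCE" for a named instance
$ConnStr  = "Server=$Instance;Integrated Security=SSPI;TrustServerCertificate=True"

# IsIntegratedSecurityOnly: 1 = Windows authentication only, 0 = mixed mode.
# type S = SQL login, U = Windows login, G = Windows group; ## names are internal.
$Query = @"
SELECT
    CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) AS WindowsAuthOnly,
    p.name, p.type_desc, p.is_disabled, p.create_date
FROM sys.server_principals AS p
WHERE p.type IN ('S','U','G')
  AND p.name NOT LIKE '##%'
ORDER BY p.type_desc, p.name;
"@

$conn = New-Object System.Data.SqlClient.SqlConnection $ConnStr
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $Query
    $table = New-Object System.Data.DataTable
    $table.Load($cmd.ExecuteReader())
} finally {
    $conn.Close()
}

if ($table.Rows.Count -eq 0) { throw "No logins returned; check permissions on $Instance." }

$mode = if ($table.Rows[0].WindowsAuthOnly -eq 1) { 'Windows authentication only' }
        else { 'Mixed mode (SQL logins + Windows)' }
"Authentication mode on ${Instance}: $mode"

# Windows principals prefixed with NT AUTHORITY\, NT SERVICE\, BUILTIN\ or the
# SQL host's own name are local to the server; everything else is a domain account.
$localPrefix = "^(NT AUTHORITY|NT SERVICE|BUILTIN|$([regex]::Escape($SqlHost)))\\"
$domainDependent = $table | Where-Object {
    $_.type_desc -in 'WINDOWS_LOGIN','WINDOWS_GROUP' -and $_.name -notmatch $localPrefix
}

"`nDomain-bound Windows logins/groups (plan for these before changing the domain):"
$domainDependent | Format-Table name, type_desc, is_disabled, create_date -AutoSize

"`nSQL logins (not tied to the domain; application service accounts often live here):"
$table | Where-Object type_desc -eq 'SQL_LOGIN' | Format-Table name, is_disabled -AutoSize
```

The first list is the one that matters for the decision in this thread: if the CRM or Sage middle tier connects with a domain-bound Windows login or group, that login stops working the moment the domain it belongs to is gone, whereas SQL logins keep working regardless of how the desktops sign in.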

For a company that small, the overhead from AD DS is almost nothing. The only overhead would be the drive space it takes and maybe the 4-8GB of RAM it needs. Slap the GUI version of Server Standard on there and run with it.

Not much in the way of management either, unless you have a lot of employee turnover.

Since you have the Synology DC running, I wonder if you can join a Windows server to it as a second DC, move the roles, and turn off the Synology DC to move everything over to Windows. Then you could raise the forest and domain functional levels as high as you can get, if it wasn’t already at 2016 levels. I still need to plan upgrading all of mine to Server 2025 and raising the level; not sure what I may gain, but since all my clients are Win11, there might be something in this change.

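The sequence the post above sketches (add a Windows DC alongside the existing one, move the roles, retire the old DC, then raise the functional levels), written out as an added PowerShell example that is not from any poster here. The domain name `corp.example.local` and the server name `DC01` are placeholders. Whether a Windows Server can be promoted into a Synology (Samba-based) domain at all is exactly the open question in that post, so the assumption is that this has been proven on a lab copy first; the Synology-side demotion is not covered.

```powershell
# Added example, not from the thread. Placeholders: domain and new DC name.
$DomainName = 'corp.example.local'
$NewDc      = 'DC01'

# Step 1 (on the new server): install AD DS plus the RSAT tools, which provide
# the ActiveDirectory module used below.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Step 2: record the starting point so "raise as high as you can" is measurable.
$cred = Get-Credential -Message "Domain admin account in $DomainName"
Get-ADForest -Server $DomainName -Credential $cred |
    Select-Object Name, ForestMode, SchemaMaster, DomainNamingMaster
Get-ADDomain -Server $DomainName -Credential $cred |
    Select-Object Name, DomainMode, PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADDomainController -Filter * -Server $DomainName -Credential $cred |
    Select-Object Name, OperatingSystem, IsGlobalCatalog

# Step 3: promote this server as an additional DC with DNS. Prompts for the
# DSRM password and reboots when done; run the remaining steps after the reboot.
Install-ADDSDomainController -DomainName $DomainName -Credential $cred -InstallDns -Force

# Step 4: confirm replication is healthy, then move all five FSMO roles here.
repadmin /replsummary
Move-ADDirectoryServerOperationMasterRole -Identity $NewDc `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
# Point clients at the new DC for DNS (DHCP option 6 on the UDM-SE) before the
# old DC goes away, otherwise logons and name resolution break when it does.

# Step 5: only after the Synology DC has been demoted and removed from the domain.
# A functional level cannot be raised while any DC that does not support it is
# still registered, so verify the old DC is gone first. If its computer object
# lingers, clean it up (ntdsutil metadata cleanup) before continuing.
Get-ADDomainController -Filter * | Select-Object Name, OperatingSystem

# Domain level first, then forest level (the forest raise requires every domain
# to already be at that level).
Set-ADDomainMode -Identity (Get-ADDomain) -DomainMode Windows2016Domain
Set-ADForestMode -Identity (Get-ADForest) -ForestMode Windows2016Forest

# Step 6: verify the result.
(Get-ADDomain).DomainMode
(Get-ADForest).ForestMode
```

The ordering is the important part: roles move and DNS is repointed while both DCs exist, and the level raise is the last thing, because a Samba-based DC still at the 2008 level (the point raised earlier in the thread) blocks it until it has been removed.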