Business Active Directory and File Storage

[dobbythenerd1]

Hello everyone,

I have been trying to learn about Active directory so i can put a basic setup into place for the company i work at as everyone is working on full administrator local accounts which is a little bit of a security risk in my opinion.

I intend to have 2 servers that will run together to spread the load of staff logging in etc however I'm not sure how the folder redirection works. If one of the servers goes offline the folder redirection stops working. I have tried using DFS but this hasn't worked for me unless I'm doing something wrong?

 

I also plan to have a general purpose storage location on the servers that all staff have access to which once again should be spread over both servers encase one failed. We will have a raid setup on the servers to protect us from drive failure but i want to have the files cloned accessable incase one was to ever fail (Like a motherboard dying etc.) I'd like both servers to be used rather than one sitting idle waiting for the other to fail. Hope this makes sense?

How would i go about doing this?
 

[abit-sean]

With DFS you can setup either sync replication across two servers or I prefer to use failover clustering. It does all depend on where you are keeping the files and you also have to make sure that permissions are set correctly.

[dobbythenerd1]

1 minute ago, abit-sean said:

With DFS you can setup either sync replication across to servers or I prefer to use failover clustering. It does all depend on where you are keeping the files and you also have to make sure that permissions are set correctly.

Id like the files to be kept on both server's incase one failed. Failover cluster a better option?

[Electronics Wizardy]

10 minutes ago, dobbythenerd1 said:

I have been trying to learn about Active directory so i can put a basic setup into place for the company i work at as everyone is working on full administrator local accounts which is a little bit of a security risk in my opinion.

at this point id probably go with azure ad instead of local ad.

 

11 minutes ago, dobbythenerd1 said:

I have tried using DFS but this hasn't worked for me unless I'm doing something wrong?

dfs replication should be able to do this, I have done this type of setup before.

 

12 minutes ago, dobbythenerd1 said:

I also plan to have a general purpose storage location on the servers that all staff have access to which once again should be spread over both servers encase one failed. We will have a raid setup on the servers to protect us from drive failure but i want to have the files cloned accessable incase one was to ever fail (Like a motherboard dying etc.) I'd like both servers to be used rather than one sitting idle waiting for the other to fail. Hope this makes sense?

dfs name spaces and replication will work here. But would really reccoment going with M365 here and using sharepoint. 

 

How many users do you have?

[dobbythenerd1]

Just now, Electronics Wizardy said:

at this point id probably go with azure ad instead of local ad.

 

dfs replication should be able to do this, I have done this type of setup before.

 

dfs name spaces and replication will work here. But would really reccoment going with M365 here and using sharepoint. 

 

How many users do you have?

So the company has 85 staff currently which is likely to expand to 200 in the next year. I cant go into much detail but we don't want to move over to Azure as we don't want to be putting stuff on the cloud.

[abit-sean]

Failover clustering is handy when using SAN storage but I think replication would work better is small scale. The simple way of setting it up is to create your DFS shares on server 1 setting all required permissions. Then setup sever 2 the same and add target folder. DFS will prompt to ask if you want to enable replication.

[Electronics Wizardy]

1 minute ago, dobbythenerd1 said:

So the company has 85 staff currently which is likely to expand to 200 in the next year. I cant go into much detail but we don't want to move over to Azure as we don't want to be putting stuff on the cloud.

Why don't you want to be putting things on the cloud? Its probably going to be much more secure and reliable compared to local ad.

 

Id get someone in that knows AD well here to set this up for you, you want this setup right.

 

Also wht set setups? Id run hyper-v and run it all with vms here. And keep the domain controllers only doing domain controller duties, nothing else.

[abit-sean]

4 minutes ago, Electronics Wizardy said:

Why don't you want to be putting things on the cloud? Its probably going to be much more secure and reliable compared to local ad.

 

Id get someone in that knows AD well here to set this up for you, you want this setup right.

 

Also wht set setups? Id run hyper-v and run it all with vms here. And keep the domain controllers only doing domain controller duties, nothing else.

I'm guessing that cost would be a big factor? They're obviously not spending a great deal on IT as they don't have central infrastructure in place already.

[dobbythenerd1]

3 minutes ago, Electronics Wizardy said:

Why don't you want to be putting things on the cloud? Its probably going to be much more secure and reliable compared to local ad.

 

Id get someone in that knows AD well here to set this up for you, you want this setup right.

 

Also wht set setups? Id run hyper-v and run it all with vms here. And keep the domain controllers only doing domain controller duties, nothing else.

I understand it's probably going to be more secure however the company higher ups have has bad experiences and we only get about 15mbps download. 

[Electronics Wizardy]

5 minutes ago, dobbythenerd1 said:

I understand it's probably going to be more secure however the company higher ups have has bad experiences and we only get about 15mbps download. 

Yea that makes sense then.

 

I'd really suggest getting someone to help with this if you have a limited knowledge of AD

 

But Id test this in a lab first, DFS can do all of this for you here and generally works pretty well.

 

Make sure you have a good backup plan too.

 

Probably want to setup some GPO too or learn how to, things like auto mounting the network drives at boot is very handy.

[dobbythenerd1]

4 minutes ago, Electronics Wizardy said:

Yea that makes sense then.

 

I'd really suggest getting someone to help with this if you have a limited knowledge of AD

 

But Id test this in a lab first, DFS can do all of this for you here and generally works pretty well.

 

Make sure you have a good backup plan too.

 

Probably want to setup some GPO too or learn how to, things like auto mounting the network drives at boot is very handy.

I've been tasked with this and currently have VM's and some old computers for testing. I have everything working pretty well and i have the setup documented for putting it into place. 

 

DFS is the only thing that im getting stopped at. If i pull the ethernet out of the ADPC1 it freaks out. The files are being copied to ADPC2 but the share dies? I feel like im doing something wrong haha

[Electronics Wizardy]

Just now, dobbythenerd1 said:

I've been tasked with this and currently have VM's and some old computers for testing. I have everything working pretty well and i have the setup documented for putting it into place. 

 

DFS is the only thing that im getting stopped at. If i pull the ethernet out of the ADPC1 it freaks out. The files are being copied to ADPC2 but the share dies? I feel like im doing something wrong haha

Are you using dfs namespaces? That should have it auto switch to the other server if needed. Try rebooting the workstations to see if it connects to the other server. I think there is some downtime if one goes down, but a server failure is pretty rare so Id say thats not a big issue.

[abit-sean]

2 minutes ago, dobbythenerd1 said:

I've been tasked with this and currently have VM's and some old computers for testing. I have everything working pretty well and i have the setup documented for putting it into place. 

 

DFS is the only thing that im getting stopped at. If i pull the ethernet out of the ADPC1 it freaks out. The files are being copied to ADPC2 but the share dies? I feel like im doing something wrong haha

Have you added both severs on the namespace? Also DNS?

[dobbythenerd1]

14 minutes ago, Electronics Wizardy said:

Are you using dfs namespaces? That should have it auto switch to the other server if needed. Try rebooting the workstations to see if it connects to the other server. I think there is some downtime if one goes down, but a server failure is pretty rare so Id say thats not a big issue.

 

13 minutes ago, abit-sean said:

Have you added both severs on the namespace? Also DNS?

Hope this gives you an idea of where i am. 

So my GPO for redirection should be \\NAME\MainStorage
If i disconnect the main server it stops working.

 

 

[abit-sean]

3 minutes ago, dobbythenerd1 said:

 

Hope this gives you an idea of where i am. 

So my GPO for redirection should be \\NAME\MainStorage
If i disconnect the main server it stops working.

 

Select your namespace and then on the right panel you should have a tab called Namespace servers. Both servers need to be listed there.

[dobbythenerd1]

2 minutes ago, abit-sean said:

Select your namespace storage and then on the right panel you should have a tab called Namespace servers. Both servers need to be listed there.

Like so?

[Electronics Wizardy]

2 minutes ago, dobbythenerd1 said:

 

Hope this gives you an idea of where i am. 

So my GPO for redirection should be \\NAME\MainStorage
If i disconnect the main server it stops working.

 

 

If you right click on the folder when mounted, do you see both of the targets via DFS name spaces?

 

[wseaton]

85 users shouldn't require failover or redundancy, at least at a software level.

 

The most common component to fail will be storage or getting hit by ransomware. 

 

I've had single AD servers handle 2000+ accounts with no sweat.  Also, DFS can fail....although its certainly improved a lot. 

[dobbythenerd1]

8 hours ago, wseaton said:

85 users shouldn't require failover or redundancy, at least at a software level.

 

The most common component to fail will be storage or getting hit by ransomware. 

 

I've had single AD servers handle 2000+ accounts with no sweat.  Also, DFS can fail....although its certainly improved a lot. 

Don't get me wrong, This may be a little over kill but the company we are requires we have little to no downtime. If we lost access to our system/files due to a motherboard failing for example we would potentially be fined a minimum of £4k a day for each customer. We have over 200 customers.

Its easier for us to just get 2 AD servers running encase one failed. We backup to external SSD's that get taken off site every night also.

[dobbythenerd1]

17 hours ago, Electronics Wizardy said:

If you right click on the folder when mounted, do you see both of the targets via DFS name spaces?

 

[Electronics Wizardy]

4 hours ago, dobbythenerd1 said:

can you switch to the other server? Is replication working as expected?