P
P
Pavel Perkov2021-01-21 16:46:02
Active Directory
Pavel Perkov, 2021-01-21 16:46:02

Active Directory, preparation for implementation, how to calculate server capacity?

In the second half of the year I plan to start integrating Active Directory into the company, I have the following questions:
1. What courses, books, materials would you recommend for a quick understanding of the topic? Prior to that, he was mainly engaged in Linux servers and network equipment
2. How to correctly calculate the capacity of servers for AD?
3. How much is required for a company with a fleet of 120 laptops?
4. What to do when going to a remote location? How will employees log in?
5. The office has remote employees in the region of 30 machines in other cities, I'm not sure if they have licensed Windows, what should I do with this?

Answer the question

In order to leave comments, you need to log in

4 answer(s)
A
Alexey Dmitriev, 2021-01-21
@SignFinder

1. It won't work quickly.
Start with this https://docs.microsoft.com/en-us/windows-server/id...
and continue with the reference manual for exam 70-742, or find the course for it - https://docs.microsoft. com/ru-ru/learn/certificati...
2. As with everything else, study the minimum hardware requirements and think about them.
3. How much of what? There must be at least 2 domain controllers. See item 2 for hardware requirements.
4.VPN
5. Solve the problem, score on the problem. If there was a question - what to do with them - then either enter into the domain, or do not enter and simply create user accounts in AD.

H
hint000, 2021-01-21
@hint000

2. We keep on virtual machines. The minimum was 1 processor core and 1 GB of memory, 20-25 GB of virtual disk. Now more boldly allocated - 2 cores and 2 GB of memory each. Seriously, for two roles on the server (AD DC + DNS), this is enough for the eyes. So you can hang such a virtual machine on any existing server with other roles and it will not even notice the increase in load. Or select a weak but reliable iron.
3. At least two for fault tolerance, and if these are virtual machines, then it makes no sense to keep both on the same host. We have 5 offices scattered around the city, in each of them I placed one domain controller. The idea is that if Internet access is lost, then any office can work autonomously.
The number of domain controllers practically does not depend on the number of users, the load on them is small, and one copes with the load (well, if there are several thousand users, then that's another story).
4. From personal computers or office computers? Personal do not log in to the domain, just RDP or VPN + RDP. Service users can log in for ~ a month without connecting to a domain controller. Login to the domain via VPN will be a little more complicated. If you raise the VPN client on your home router, then it's easier.
5. From a legal point of view, you need to ask lawyers. It is unlikely that you are responsible for licenses in other cities. If these are personal computers, then you are definitely not responsible for them. :) But if there is a licensed home-version, then you will not be able to enter it into the domain. Again, personal computers do not need to be entered into the domain, even if there is professional and licensed Windows.

P
pindschik, 2021-01-25
@pindschik

Wrong questions.
Start with task analysis, not equipment selection.
1) Google. And virtualization. Try, think, learn while there is time for it. In general, even look on this resource - a detailed answer to the question is often found. Too lazy to search - so AD is not for you.
2) The power of servers should be calculated not for AD, but for tasks. By itself, AD is below the plinth in terms of requirements. But the range of tasks - apparently you do not understand yet. A misjudgment can be very costly later on.
3) From one to 120 servers. And another 120 routers with IPSec. A question the answer.
4) Solved. The problem here is not how to log in, but how to ensure security. Here they write about VPN - but only one of the ways and not the most ideal.
5) This question should be considered, perhaps with the leader. And no one will magically name the ideal solution for your specifics.
A couple more tips - if you invite a specialist to deploy - then be ready to understand what he has done, develop and support an independent one. Otherwise, everything will be screwed up.
If dark spots remain in understanding, do not start working for a living. Keep experimenting with virtualization.

M
Maximus-nsk, 2021-01-25
@Maximus-nsk

It seems that the owner himself wrote to estimate the costs. but nevertheless I will write simple things:
Any 4-core processor starting from core i5 (1155) to any server e3 ... e5
As for the remote control, ideally use Cisco Ani Connect, but for this you will have to set the network equipment standards. Of the simple free solutions, it is fashionable to install a vpn client, for example, radmin vpn.
In general, it is best to hire a normal admin and be prepared for the fact that you have to invest in infra.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question