Workgroup or Domain? When does it start to make sense to implement Active Directory?
With Active Directory (AD), Azure AD, and a domain, Windows® users and data are no longer tied to a machine or a physical location. The login credentials, not exclusively the machine in use, determine what users see when Windows® opens. Users can log in anywhere and find their data (although not their apps and not all settings). This makes data backups easier and troubleshooting less disruptive.
When your Windows PCs are laptops or virtual machines, you do not need to fix them on the spot; you can simply replace them.
With AD, users, computers, software installations and access rights can be managed from any PC on the network or the internet during working hours while machines are being used.
In the US, conventional wisdom suggests that it makes sense to implement Active Directory once you reach 10 users. In Europe, where employee turnover is lower and budgets are tighter, that number is 50. With the advent of Microsoft 365, users are now automatically enrolled in Active Directory in the cloud: Azure AD.
Azure AD manages access to Azure and MS 365 resources, while Windows AD manages on-premises resources. Azure AD integrates seamlessly with Active Directory.
Windows AD, the on-premises version of Active Directory, is bundled with Windows Server and therefore costly,* but Samba, its open-source implementation, is free. So our suggestion is to implement a domain controller built on Samba if your company is growing, for compliance purposes, or if you plan to "acquire" or be acquired and want to facilitate the ensuing integration process.
Samba responds to security authentication requests from Windows, Mac and Linux workstations and servers. Our implementation of Samba can be conveniently accessed as a web-based application.
All it takes to run AD is three Linux virtual machines for your Domain Controller replicas as well as mirrored or replicated Domain Members for your shares and user data. Active Directory is like Chinese – only less intuitive – so if you must use an on-premises domain controller, use it, but if you do not, use Azure AD or Zero Trust instead.
* (Windows® Server licenses + Client Access Licenses + maintenance + paperwork + usual annoyances) times 5 servers (3 Domain Controllers + Domain Members) times your number of locations = $$$$. And then all over again after a couple of years.