Domain Servers vs. Workgroup Servers: Which is better?

[radman]

Radman's TechIMO "Written" Poll:

If someone were really "crunched for time", which would be the better/faster/easier network model to deploy right now for your average small office/home office group of users who want an application server installed:

(1) Workgroup Win2k Server
(2) Domain-based Win2k Server

....... ..... Domain Servers vs. Workgroup Servers:
... ... ... ... ... ... ... Strong or Weak?

Microsoft Windows 2000 Server has two concepts of group-based computing. Both models require the same network operating system, the only difference between the two concepts is in the way each is implemented:

1) Workgroups
2) Domains

WORKGROUP-BASED NETWORKS are a more simplified approach to server-based networking, which are often much faster to setup for the average user in the short-term, but may require more time for administrative tasks in the long-run.

Workgroup Networks consist of any logical collection of Workstations and Workgroup Servers.

Any computer on the network can join an existing workgroup as long the workgroup naming convention is maintained for each member throughout the workgroup. Any workgroup member may access Workgroup Server resources so long as the user supplies authenticated credentials for server login.

Although not performed through Active Directory, Workgroup Servers contain a standard set of centralized management tools for the administration of security policies which individual, or groups of users may require in order to gain authenticated login access to resources located on the Workgroup Server itself.

Any Workgroup Server with Windows 2000 Server installed, can be promoted to take on the role of a Domain Controller if a network administrator changes the network model from a Workgroup to a Domain-based topology.

On the other hand...

DOMAIN-BASED NETWORKS are vastly more complex to setup for the average user in the short-term, partly due to the more highly technical-nature inherent to server role promotion, but may ultimately save in administrative time over the long-run if the users manage to learn how to make more effective use of Active Directory’s robust management features.

Domain Networks can be created and managed by promoting any Workgroup Server to the role of a Domain Controller or Primary Domain Controller (PDC). Servers designated as Primary Domain Controllers contain a more thorough and complex set of security and administrative properties which the simplified Workgroup Server does not have.

Each Domain must have at least one designated PDC Server within its Forest for centralized user account management through the AD. Domains share a hierarchal directory of databases, security policies, and common security relationships with other sub-Domains.

A PDC provides access to a centralized user account and workgroup account policy as maintained by the Domain Administrator predominantly from the AD Server itself. Because Domains use a hierarchy of parent-child relationships within a Domain Forest, AD Domains are generally recommended and most effectively used by larger organizations where collaborative computing between numerous workgroups must span multiple departmental servers with common sets of relational security policies in place.

This choice would be for the average user who wanted to add an Application Server to a pre-existing Peer-2-Peer (but server-less) network for about 10 users and somehow create a hybrid client/server network out of the entire mess in under 3 days flat! Which model would you choose?

-- Radman

[meese]

I'm thinking your best bet for now is the workgroup model. How familiar are you with Active Directory, Domain Controllers and DNS? If you are not sure, then implement the workgroup for now, then get a good book and W2K server (I recommend Mastering W2K Server by Mark Minasi) and get familiar with AD. Then I would upgrade to a domain.

[nukes]

You can do it without a book, I've set up some AD systems working soley on intuition and the help files provided with 2k server (which I must say, are very good, much better than I expected from MS at the time)
A book would be helpful, butnot essential. 2k has some nice wizards to guide you through setting it up as well, and can make it very easy for you, if you are prepared to use them.
As to books, the MSCE ones are ok, the Sam's ones also tend to be pretty good.
Of course, you can't beat the O'Reilly books.

[meese]

Yea, but nukes, do you consider yourself an "average" user? Not many people will get AD working properly on intuition.

[nukes]

I don't know what to consider myself, I have been called many things ranging from guru and zealot to imbosile and retarted.
All I'm saying is that the 2k server help files are a good place to start, and how many people have we helped set up a PDC on these forums? We've effectivley talked a load of people through it. I'm assuming that if radman was knowledgable enough to write those little synopsis' at the top of the thread, then I don't think he will have much trouble setting up a PDC. If it was in NT4/3.51 I may say something different, but 2k/2k3 make it easy to do things like this, and the windows help files have more than enough info to get you on the right track, if you can stand using them. A book will normally take a more structured approach, and would obviously be the better option.
Incedentally, what sort of application server are you on about, the chances are it would work fine in a workgroup setup, and you needn't bother with all this AD crap.
If its just for database/ftp/web or whatever, then workgroup will suit you fine, and you can still define logon scripts and permissions for shares etc without using a domain, and thus without the headaches that the DNS side of it can cause.

[SeanC]

I manage an NT 4 domain in the main office. One of the development labs needed a W2K domain setup so I set one up and didn't have any issues doing the same basic things I do with the NT4 domain. AD isn't as scary as it's made out to be, IF you're familiar with NT domains.

If you're not then it might be a little more difficult.

Sean