I’m curious as to why someone would need to do that short of having a bunch of users and a small office at home. Or maybe managing the family’s computers is easier that way?

I was considering a domain controller (biased towards linux since most servers/VMs are linux) but right now, for the homelab, it just seems like a shiny new toy to play with rather than something that can make life easier/more secure. There’s also the problem of HA and being locked out of your computer if the DC is down.

Tell me why you’re running it and the setup you’ve got that makes having a DC worth it.

Thanks!

  • cm0002@lemmy.world
    link
    fedilink
    English
    arrow-up
    16
    ·
    10 months ago

    I do, for a multitude of reasons

    • Easier management of family computers
    • an authoritative source for Authentik SSO
    • Learning experience, I’m also heavy Linux, but I try to maintain an OS agnostic philosophy with my skill set so I can have options in my career
    • I was bored
    • Again, since I like to maintain an OS agnostic philosophy I have a healthy mix of Windows, Linux and MacOS devices, and you CAN in fact join Linux (w/ SSSD) and MacOS to a domain too

    In addition to what others have said with roaming profiles and such:

    DO NOT SET YOUR AD DOMAIN AS THE SAME DOMAIN OF A WEB ADDRESS YOU USE

    I…er…someone… Found themselves in this situation and have been in a mess since lmao

    • MigratingtoLemmy@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      9 months ago

      Thank you for the wonderful comment.

      Indeed, I was hoping to have a good SSO setup alongside learning about AD and domain services (also looking at the *nix alternatives like FreeIPA).

      Could you tell me more about the DNS setup with regards to AD? I’d like to use my own DNS and not have AD be the DNS provider in my network. The idea to put it in its own subdomain is excellent and I’ll remember that.

      People here also mention an increase in attack surface and security vulnerabilities in running AD/domain services on a network. Now, I agree that letting free access to the domain server and having rogue accounts causing havoc on the network is not great, but I’d like to know more. What has been your experience?