@scottalanmiller said in What Are You Doing Right Now:

@Donahue said in What Are You Doing Right Now:

I am so confused.

@Dashrender can you produce a link that says that SQL is limited to 10 connections when hosted from windows 10? It sounds like you are claiming this, and I don't believe it.

It's in the EULA and is both a technical limit as well as a licensing limit. Also, SQL hosted from Windows 10 has other license issues if used like a server beyond the hard limits.

can you guys explain more? I am unfamiliar with what you guys are trying to tell me. @scottalanmiller which EULA, windows 10 or SQL?

@DustinB3403 and @JaredBusch agreed on both points.

@Dashrender said in Where do I start with replacing the whole MS AD stack:

@Donahue said in Where do I start with replacing the whole MS AD stack:

@JaredBusch said in Where do I start with replacing the whole MS AD stack:

Unless you have a need for a fully managed DNS system with a fuck ton of records, I recommend just using the system that is doing the DHCP. Router, pfSense, WTF ever.

I've got just our 50 or so workstations and then our servers as records. I don't need much.

Why are you worried about CALs at all? You have at least 50 device CALs to cover those 50 devices - just don't allow other devices on that specific network. If you are allowing personal phones/laptops on WiFi - create a separate network for them, that gets DNS and DHCP from the router (most likely at least).

that wasn't the point. The point was to get off AD/DHCP/DNS because of, and not limited to, stupid licensing.

@DustinB3403 said in Where do I start with replacing the whole MS AD stack:

@Dashrender said in Where do I start with replacing the whole MS AD stack:

@DustinB3403 said in Where do I start with replacing the whole MS AD stack:

Why would you have no internal dns?

If you don't have AD and don't have internal servers - why do you need internal DNS?

Nothing in the original post (until a very recent one) stated there were no on-prem servers. Hence the question.

correct, I did not mention that this all occurred as we were introducing on prem servers for the first time.

@JaredBusch said in Where do I start with replacing the whole MS AD stack:

@Donahue said in Where do I start with replacing the whole MS AD stack:

I am in the middle of changing all my DHCP stuff, which is what prompted this whole thing. I want to switch over to reservations for everything, but it got me thinking about CALs, and it all snowballed from there.

Well first, you don't change anything.

Get it cleaned up and in a known good working state.

I just redid our scopes yesterday, but I have not yet started migrating over our static IP's to be reservations. I can get everything setup in windows first, and then migrate it over as @black3dynamite said, but that seems like extra steps to me.

@Dashrender said in Where do I start with replacing the whole MS AD stack:

@JaredBusch said in Where do I start with replacing the whole MS AD stack:

You need to have your DNS use your AD server as it's forwarder, but everything else can look at your DNS.

How will this affect licensing? Do you only need one CAL for that DNS server, since it's the only thing actually talking to the server? Interesting work-around to MS licensing.

I believe that MS believes that ANY device that gets info that is passed along using DNS requires a CAL. It doesn't matter who hosts the DHCP, if it is still point to MS DNS.

@JaredBusch said in Where do I start with replacing the whole MS AD stack:

Unless you have a need for a fully managed DNS system with a fuck ton of records, I recommend just using the system that is doing the DHCP. Router, pfSense, WTF ever.

I've got just our 50 or so workstations and then our servers as records. I don't need much.

I am in the middle of changing all my DHCP stuff, which is what prompted this whole thing. I want to switch over to reservations for everything, but it got me thinking about CALs, and it all snowballed from there.

So apple is not operating like a swap meet, that has been established. It is operating like a consignment store? In those cases, when a store sells something on consignment, doesn't the buyer ultimately buy from the store, and not the consignee? I am asking because I have never been to a store like that.

I am so confused.

@Dashrender can you produce a link that says that SQL is limited to 10 connections when hosted from windows 10? It sounds like you are claiming this, and I don't believe it.

@DustinB3403, I know that. My original post was assuming only user CALs. I actually have both, but the point was that it is stupid that they are needed at all. It was not meant to be a debate between user or device CALs.

@JaredBusch said in Where do I start with replacing the whole MS AD stack:

So first, you setup your DHCP up on your non Windows Server device.

Router, pfSense, WTF ever.

But you set it up so that the DNS it hands to the clients is the Windows server.

At that point, DHCP is migrated.

no, I got that. But simply using windows DNS as a service requires the CAL. I need to run some other DNS server.

@DustinB3403 said in Where do I start with replacing the whole MS AD stack:

Why would you have no internal dns?

We used to only use public external DNS because we didn't have servers at all. When we first got our servers, I didnt really know what DNS was and we ran for while with no internal DNS, but there were lots of issues as you can imagine.

@JaredBusch said in Where do I start with replacing the whole MS AD stack:

@Donahue said in Where do I start with replacing the whole MS AD stack:

@JaredBusch said in Where do I start with replacing the whole MS AD stack:

Re: What Are You Doing Right Now

@Donahue said in What Are You Doing Right Now:

Where do I start with replacing the whole AD/DHCP/DNS stack for managing windows machines? I'm locked in to windows desktop OS for the foreseeable future, but I dont need to be dependent on them for everything else. I can see the next generation of services not using windows server in anyway, with SQL being able to be run from linux or windows 10, and something like Nextcloud running the file server.

Start with DHCP and DNS.
Those are easy, low hanging fruit.

First DHCP, because it is tied to nothing.

Second DNS. You need to have your DNS use your AD server as it's forwarder, but everything else can look at your DNS.

I know those are the low hanging fruit, but what I dont know is how much AD want to have DHCP and DNS under it's umbrella. I know I used to have AD by itself, with DHCP on the router and no internal DNS. Everything has seems to work better since I tied them all together.

Your problem

no internal DNS

I specifically stated in my post that you have to handle that.

Only fixing the DNS fixed your problems.

I know I needed internal DNS, and that was what resolved most of my issues. But I was asking where to start with getting some other internal DNS setup.
I guess I didnt understand your post when you said

Second DNS. You need to have your DNS use your AD server as it's forwarder, but everything else can look at your DNS.

@Dashrender said in What Are You Doing Right Now:

@Donahue said in What Are You Doing Right Now:

Where do I start with replacing the whole AD/DHCP/DNS stack for managing windows machines? I'm locked in to windows desktop OS for the foreseeable future, but I dont need to be dependent on them for everything else. I can see the next generation of services not using windows server in anyway, with SQL being able to be run from linux or windows 10, and something like Nextcloud running the file server.

Windows 10 suffers the max 10 connections issue - just reminding you of that.

can you elaborate?

@Dashrender said in What Are You Doing Right Now:

@Donahue said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@Donahue said in What Are You Doing Right Now:

I'm reading up on MS CALs. I just realized that you even need a CAL for things like DHCP or DNS.

Yeah, which is why MS licensing (bad player) fees get to be extreme a lot of the time.

It's crazy. I had thought this whole time that things like accessing file services required CALs, but not just random guest devices that get a DHCP address. That totally changes everything. One scenario I read that claimed to need a CAL was a networked break buzzer for the shop floor. If using the per user model, you would need a user CAL for each employee on payroll. Dumb

Most places find that per user is the much cheaper way to go. Only in shops where you have huge staff but few shared computers does device license make sense. So in the case of phone connecting - it would be covered under the user's user license.

we have about 50 computer users but 200 shop employees. I dont currently have any CALs that cover the shop employees.

what I need to look up is what to run for internal DNS. This whole thing is stupid and makes me hate MS licensing even more.

@JaredBusch said in Where do I start with replacing the whole MS AD stack:

Re: What Are You Doing Right Now

@Donahue said in What Are You Doing Right Now:

Where do I start with replacing the whole AD/DHCP/DNS stack for managing windows machines? I'm locked in to windows desktop OS for the foreseeable future, but I dont need to be dependent on them for everything else. I can see the next generation of services not using windows server in anyway, with SQL being able to be run from linux or windows 10, and something like Nextcloud running the file server.

Start with DHCP and DNS.
Those are easy, low hanging fruit.

First DHCP, because it is tied to nothing.

Second DNS. You need to have your DNS use your AD server as it's forwarder, but everything else can look at your DNS.

I know those are the low hanging fruit, but what I dont know is how much AD want to have DHCP and DNS under it's umbrella. I know I used to have AD by itself, with DHCP on the router and no internal DNS. Everything has seems to work better since I tied them all together.

Where do I start with replacing the whole AD/DHCP/DNS stack for managing windows machines? I'm locked in to windows desktop OS for the foreseeable future, but I dont need to be dependent on them for everything else. I can see the next generation of services not using windows server in anyway, with SQL being able to be run from linux or windows 10, and something like Nextcloud running the file server.

I think I realized that recently. It makes @JaredBusch's comments about why I needed a 1Gb WAN make more sense. I probably needed improved latency at least as much as more bandwidth. I think I had a lot of extra backend issues that were causing more latency than just network latency too. Resolving those may have been enough, but at this point we have what we have.

@DustinB3403 said in What Are You Doing Right Now:

@Donahue said in What Are You Doing Right Now:

I'm reading up on MS CALs. I just realized that you even need a CAL for things like DHCP or DNS.

Yeah, which is why MS licensing (bad player) fees get to be extreme a lot of the time.

It's crazy. I had thought this whole time that things like accessing file services required CALs, but not just random guest devices that get a DHCP address. That totally changes everything. One scenario I read that claimed to need a CAL was a networked break buzzer for the shop floor. If using the per user model, you would need a user CAL for each employee on payroll. Dumb