Let's start out with the good points: there are advantages to a Microsoft Domain Controller model. Centralized user control, fine grained resource access control: these are often useful and very helpful.
But not every business needs this, and there are disadvantages also. Centralized logon also means no logon if that server acts up. Resource access permissions can be much more than is needed for a small business, and can be confusing to maintain.
Unfortunately, businesses often get pushed into this model when they buy new software. The people installing the software are often fairly clueless about networking in general but what they do know is that setting up a Domain Controller makes their work easier. Note that's "their" work, not necessarily yours.
For example, you may have a mixed environment, and in spite of the shiny new Windows software, you still need some Unix apps. By the way, don't be too quick to pat yourself on the shoulder for replacing that clunking old Unix software. My bet is that in five to ten years you'll be moving back to a Unix or Linux based app: unless Microsoft finds some legal shenanigan to kill Linux, I think that's almost inevitable.
But never mind, here's the barely computer-literate Windows "consultants" come to install your new system. They'll be recommending a Domain Controller model. Push back: ask why their software can't run on a server in a peer to peer network. Almost always the answer is that it can. And doing that just might make your migration less painful. For example, a lot of small businesses have XP Home computers. Microsoft doesn't like those to join a Domain. There are ways around it (just do a Google search for "XP Home join domain") but it's still extra work and hassle.
While I'm thinking about it, do NOT let them confuse you or themselves about the "Domain". This has nothing to do with Internet DNS or your mail domain (and for crying out loud: don't let them talk you into Microsoft Exchange or IIS!). Microsoft (as usual) didn't have a clue about the Internet when they designed this stuff, so they took a meaningful name (domain) and polluted it with their nonsense. A Microsoft Domain Controller might be a DNS server, might be a mail or web server (shudder!) but that has absolutely NOTHING to do with the name you (or they) choose for the domain.
Just don't get pushed faster than you want to go. If you don't understand what they are trying to sell you, hire someone else to intercede and protect your interests. A Domain Controller can be the right choice, but it ain't necessarily so.
See Samba and PDC's.
This old post explains how to bring a Mac into a Windows 2003 domain.
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2013-02-09 Anthony Lawrence
Zawinski's Law: Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can. (Jamie Zawinski)