Can you run AD on a non-Windows server?

Solution 1:

You cannot really run Active Directory on non-Windows servers. You can run Samba, which is a semi-compatible open source product. On Synology, they call this "Synology Directory Server". Specs here: https://www.synology.com/en-us/dsm/software_spec/directory_server

Whether or not the specs and limitations meet your needs is for you to evaluate.

I'm all in favor of people learning by doing, but it might be worthwhile to engage a local consultant to help you do this. Think of the risk to your small non-profit employer if you get it wrong and cause data loss, or get it wrong and want to re-do it a couple of times. I'm not suggesting that you farm it out and be hands-off; you should definitely structure the engagement as a ride-along so you get to learn as the project is worked on.

Solution 2:

I played with this. I also used a Samba4 DC in a production environment as a "backup" DC (a "primary" was Windows Server).

It works. It also was (3 years ago) somewhat buggy. You'll get all sorts of different glitches in corner cases, like group policies and so on. Some problems in our case were probably due to the fact that Samba4 was a "backup" DC and it wasn't able to copy GPs from the Windows DC (it is able to now, afaik); we had to do that by hand (note there are no true "primary" or "backup" domain controllers in Active Directory technology, but often there are enough reasons to consider some machines as "more even" than others). Others were due to the fact that it didn't support having Cyrillic CNs of records well enough. In general, all problems appeared to be solvable.

In our case we eventually virtualized our Windows DC and started doing whole-machine backups, so the Windows admins concluded no backup DC was necessary anymore (this was an organization with not more than 20 computers).

If you want to learn AD better, and if you have enough time to solve problems, you may give Samba4 a try. I'll say it again: it is mature enough to rely on, especially if you do regular backups. But if you don't have the time or the motivation, or you want something which "just works", there is no replacement for Windows Server here; you have to use it.


Solution 3:

There is open-source software which can emulate Active Directory, and even reach 90% (maybe even 99%) compatibility with it.

But unless you are a very knowledgeable technical person trying to integrate Linux with Windows for whatever reason, it's definitely a lot easier to just run a Windows server.

If you are in an SMB (Small-Medium Business), there are lots of favorable licensing options too.


TL;DR: just run a Windows server unless you have very good reasons to not do that. It's a lot easier.


Solution 4:

I recently deployed a setup with Synology to a site with about 15 workstations to replace an aging Windows Server setup.

The key is using the RSAT tools. All you need in addition to the Synology unit is a Windows 10 machine with the RSAT tools.

The Synology can push out the basic group policies etc., but you are better off managing them by setting the rules up with the Windows RSAT available on Windows 10.

You could also use a more open source approach with Linux and Samba, but the Synology is a lot easier to set up. Set up the DNS and DHCP on the Synology unit. (Make sure to have a good gateway/firewall like pfSense with Snort etc. for intrusion detection.) The DNS on the workstations has to be set to the Synology for the policies to correctly push to the Windows workstations.
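The DNS requirement in this answer is the usual reason policies fail to arrive on a workstation, so here is an added check script (not from the answer's author or from Synology) to run on a Windows 10 machine before digging into group policy itself. The domain name "corp.example" and the DC address 192.168.1.2 are assumed placeholders for the Synology Directory Server.

```powershell
# Added example: confirm a workstation uses the Synology/Samba DC for DNS and can
# locate the domain. Domain and DC IP below are assumed placeholders.
param(
    [string]$Domain = 'corp.example',   # assumed: your AD DNS domain
    [string]$DcIp   = '192.168.1.2'     # assumed: the Synology unit's address
)

$ok = $true

# 1. Every configured adapter should list the DC as its DNS server; an ISP or
#    public resolver cannot answer the _msdcs locator records.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
       Where-Object { $_.ServerAddresses.Count -gt 0 }
foreach ($a in $dns) {
    if ($a.ServerAddresses -notcontains $DcIp) {
        Write-Warning "Interface $($a.InterfaceAlias) uses DNS $($a.ServerAddresses -join ','), not $DcIp"
        $ok = $false
    }
}

# 2. The DC locator SRV record must resolve from the DC itself; the Group Policy
#    client uses this record to find a domain controller.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) { throw 'no SRV answer' }
    'DC locator: ' + (($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', ')
} catch {
    Write-Warning "SRV lookup for _ldap._tcp.dc._msdcs.$Domain failed: $_"
    $ok = $false
}

# 3. LDAP (389) and SMB (445, where SYSVOL policies are read from) must be reachable.
foreach ($port in 389, 445) {
    if (-not (Test-NetConnection -ComputerName $DcIp -Port $port -InformationLevel Quiet)) {
        Write-Warning "TCP $port to $DcIp is not reachable"
        $ok = $false
    }
}

# 4. On an already-joined machine, verify the secure channel and list applied GPOs.
if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    if (-not (Test-ComputerSecureChannel)) { Write-Warning 'Secure channel to the domain is broken'; $ok = $false }
    gpresult /r /scope:computer
}

if ($ok) { 'DNS and DC reachability look correct' } else { 'Fix the warnings above before troubleshooting group policy' }
```

Run it from an elevated PowerShell prompt on the workstation; a failure in step 1 or 2 means the DHCP scope or static DNS settings, not the policies, need fixing first.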


Solution 5:

If you're looking at having some management, consistent user accounts and integration with storage, email and other common productivity services without having to spin up on-premises infrastructure along with the initial outlay, maintenance, time and risk of running them: take a look at the following cloud-based solutions:

  • Azure AD join for Windows 10: equivalent to domain joining to AD DS as it provides Single Sign-On and device controls without any on-prem management
  • Azure AD cloud identities: provision user accounts in the cloud without any on-premises servers needed
  • Microsoft Endpoint Manager [aka Microsoft Intune]: equivalent functionality to Group Policies, whilst providing better real-time management and support functions
  • Office 365: provide storage in SharePoint via Teams or the browser, plus the rest of the standard Office applications and much more

For anyone who thinks "this won't work for me, we have no budget for this stuff" – the total cost of ownership (TCO) of cloud technologies like these can often be much lower than on-premises infrastructure, and empower the business/users to achieve and create more, or be more efficient than the limits of whatever can be provisioned and managed on-premises.

Additionally, as mentioned in another answer: not-for-profits, educational organisations and other similar common good organisations often get free or significantly reduced cost cloud licenses from all the major players, even if Microsoft services aren't for you.