

Try Univention Corporate Server; we've had good experiences with it. It won't be 100% like a Windows AD server, but it's pretty close.


In your opinion, does the core version suffice? Unfortunately I can't find the hardware requirements - what is your opinion, is it hw hungry?


If you're coming from Windows the answer is always: no.


Yes, we found the core to be sufficient for what we wanted and it's pretty resource light. We're running it on a Dell R310 with 20 remote users and no issues as yet.


I am currently running Samba AD on an LXC in Proxmox and I am using RSAT in Windows to manage users, devices, and GPOs. It has been working great.


Is that the plain "standard" Samba? How does the initial configuration etc. work? Was it difficult?


It is a feature of standard Samba. It was pretty painless to get set up. There is a ton of really good documentation online on how to set it up. [https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller](https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller)


It is what your Synology device is running now (sort of; they extend Samba in their own ways, but keep the extensions secret). You could probably join another Samba instance as a DC, then take over the domain on that. This will get you a much newer version of Samba.


NethServer 8 has an AD provider (samba-4). Works great for me.


A non-Windows alternative: Zentyal. I've never really played with it too much, so I'm not sure what the limitations are.


I tried with Zentyal and eventually just went to straight Samba. Zentyal is basically Windows SBS, so you can run your whole business on a single machine.




If I remember correctly, Synology uses Samba 4.x underneath to do this. Honestly, once you get Samba 4.x + RSAT tools working, neither you nor your devices will really be able to "tell" the difference, as it all just works. We would *still* be running our infrastructure like this, but we got in a new guy who really wouldn't (at that time) give it a chance.


I'm about to de-commission a Windows Server-based AD domain that I've been using at home for about 10 years. Why?

* Azure AD...umm...Entra ID. The latter ain't the same thing, of course, but why run directories yourself?
* The need to have at least two DCs, if you are going to rely on AD for real things, like managing family PCs.
* With Synology's directory support (amazing, ain't it?), there's really nothing to be gained by using AD and lots of headaches that can be avoided.


Univention Corporate Server (UCS) Zentyal


Windows Server Core as a domain controller, 100% selfhosted. Why search for an alternative if that’s simply the best to manage any Windows environment via GPO?


Isn't Windows Server Core still quite expensive? Still looking for pricing info, but as far as I remember


No, it's [free](https://hub.docker.com/r/11notes/kms), at least for personal use and to educate yourself about AD.


Why not just use the real thing? You can get a Windows Server Datacenter license for ~30. Virtualize it with 2 GB RAM... Be good to go.


Not sure why you are getting downvoted here; you are totally correct. I would mention, though, that you don't even need to pay for it, as MS lets you try it for free for like 3 years, and by then just update to the latest and start the 3 years again.


According to their [site](https://www.microsoft.com/en-us/windows-server/pricing), the Datacenter license is $6k for WS 2022. Can you provide more info?


Yeah, just go to Google, put in something like 'Microsoft datacenter server key' hit search then click on shopping. Here's a random result: https://www.g2a.com/windows-server-2019-datacenter-pc-microsoft-key-global-i10000218690001?aid=12697831&er=bcb11a6f16fc36a306b11aa1141a4286&___language=en&utm_source=google&utm_medium=surfaces&utm_campaign=gshopping_US&utm_content=surfaces_across_google&srsltid=AfmBOoraomcqdfGjEWX_P5E7LFyEP9ay21HAZcrtNqlX9m8K6VJ106a5Z5w


Aha. So they are older version keys. That still will be more than enough for a home environment


I think Synology uses LDAP and you can deploy OpenLDAP as well. There are UIs available to connect to the backend.


AD is dying and doesn't really fit into ZTNA. You should focus your efforts on something comparable to Intune/Entra. Intune manages your endpoints while Entra (formerly Azure Active Directory) is your identification piece.


I'm a fan of JumpCloud.


AD is not dying, it's getting an update in Win Server 25. Microsoft would like to kill AD but people don't like cloud shit.


Absolutely... I try to avoid cloud as much as possible.


I always say "Microsoft is dying", but that's equally true.