I’m curious as to why someone would need to do that short of having a bunch of users and a small office at home. Or maybe managing the family’s computers is easier that way?

I was considering a domain controller (biased towards linux since most servers/VMs are linux) but right now, for the homelab, it just seems like a shiny new toy to play with rather than something that can make life easier/more secure. There’s also the problem of HA and being locked out of your computer if the DC is down.

Tell me why you’re running it and the setup you’ve got that makes having a DC worth it.

Thanks!

  • Unforeseen@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    ·
    11 months ago

    The attack vectors I’m thinking of just come from the inherent complexity and centralization. I’m just considering the amount of damage that can be done with a compromised DA account for example vs a non directory environment.

    It’s complicated. Done right it can be more secure, not done right it’s less secure.

    I also only get brought in for problems for the last however many years, so I’m probaby a bit biased at this point haha.

    I have had to tell companies they are going to have to rebuild thier AD from scratch because they didn’t know what thier DSRM password was (usually after a ransomware attack). These are the sort of hassles I think about vs non AD.