I work in a small office (5 full-time staff and 4 part-time staff). We don't have an IT department of any kind and we have managed to run things pretty will here for a while. All of the computers in our group are part of a "workgroup" that connects to a single Windows 2000 server. The server currently runs some accounting/payroll software, users can access mapped drives, and we have a number of networked fax/printers. It's a reasonably simple setup that has worked for our purposes. The 4 part-time staff change frequently and have password access to only 2 computers.
For reasons that I won't go into, we need to get rid of our old Windows 2000 server and set up a new Windows 2008 R2 server. We're considering setting up the new server as a domain controller to make it easier to make updates to computers and user access.
If we set up the new server as a domain controller, will workgrouped computers be able to access the server or do they have to be joined to the domain (ie: can a domain controller accept request from workgrouped computers that have not joined the domain)? More importantly, will joining them to the domain "break" anything?
I know it is a vague question but, frankly, we're a little out of our league here. We're a small shop and capable people but we're not server administrators and we don't want to take our machines offline for a week to figure this out. Any advice you guys have is certainly appreciated.
Yes the computer will be able to access the shared resources on the windows 2008 server- albeit every time the users will have to provide their credentials to access shared resources.
Ideally they should be joined to the domain, to enable centralization of users, management, group policies , and windows update via WSUS. Joining "should not break anything but keep in mind that users will have new profiles- so there might be some initial configuration. But having workstations and users in a domain is definitely worth it.
Joining them to the domain won't break anything. For a small enterprise, you can go with SBS 2008 (or 2011 if you're feeling saucy) and have all your goodies in one basket. AD, Exchange, file server, etc.
For a basic setup, you can keep it simple and manageable. However, I would advise you to hire a consultant to periodically come in and perform maintenance, backups, disaster recovery, etc.
You should be able to add all the workstations to the domain, if you would need to change anything it would be to update any security access to any files that you have access too with the new domain controller.
You could also keep them off of the domain and when you're trying to access something on the new domain controller, it would ask you for your domain login credentials. But what's the point of that if you're going to have a domain, the purpose of one is to centralize access.
Don't forget that once the new domain users log in, they will all have new profiles, so the old profiles will need to be copied over.