11

I administer a network of 10 workstations for a small non-profit (also, I'm very inexperienced, forgive me if it's a silly question), and everything has been managed so far as if they were home PCs used by multiple persons; on some workstations a handful of employees even share a single user.

I'm considering introducing Active Directory for managing the user accounts, but we currently don't have a Windows server. A couple of Synology disk stations have been bought, and I'm wondering if I can deploy AD on them. Or is a Windows Server OS necessary for that?

Search results I've found all speak of "integrating" a Linux server or disk station into an AD domain, not using it as a domain controller.

Ben Opp
  • 257

8 Answers

14

You cannot really run Active Directory on non-Windows servers. You can run Samba, which is a semi-compatible open source product. On Synology, they call this "Synology Directory Server". Specs here: https://www.synology.com/en-us/dsm/software_spec/directory_server

Whether or not the specs and limitations meet your needs is for you to evaluate.

I'm all in favor of people learning by doing, but it might be worthwhile to engage a local consultant to help you do this. Think of the risk to your small non-profit employer if you get it wrong and cause data loss, or get it wrong and want to re-do it a couple of times. I'm not suggesting that you farm it out and be hands-off, you should definitely structure the engagement as a ride-along so you get to learn as the project is worked on.

mfinni
  • 36,892
9

I played with this. I also used a Samba4 DC in a production environment as a "backup" DC (a "primary" was Windows Server).

It works. It also was (3 years ago) somewhat buggy. You'll get all sorts of different glitches in corner cases, like group policies and so on. Some problems in our case were probably due to the fact that Samba4 was a "backup" DC and it wasn't able to copy GPs from the Windows DC (it is able now, afaik); we had to do that by hand (note there are no true "primary" or "backup" domain controllers in Active Directory technology, but often there are enough reasons to consider some machines as "more even" than others). Others were due to the fact that it didn't support having Cyrillic CNs of records well enough. In general, all problems appeared to be solvable.

In our case we eventually virtualized our Windows DC and started doing whole-machine backups, so the Windows admins concluded no backup DC was necessary anymore (this was an organization with not more than 20 computers).

If you want to learn AD better, and if you have enough time to solve problems, you may give Samba4 a try. I'll say again, it is mature enough to rely on, especially if you do regular backups. But if you don't have the time or the motivation, or want something which "just works", there is no replacement for Windows Server here; you have to use it.

7

There is open-source software which can emulate Active Directory, and even reach 90% (maybe even 99%) compatibility with it.

But unless you are a very knowledgeable technical person trying to integrate Linux with Windows for whatever reason, it's definitely a lot easier to just run a Windows server.

If you are an SMB (Small-Medium Business), there are lots of favorable licensing options too.


TL;DR: just run a Windows server unless you have very good reasons to not do that. It's a lot easier.

Massimo
  • 72,827
3

I recently deployed a setup with Synology to a site with about 15 workstations to replace an aging Windows Server setup.

The key is using the RSAT tools. All you need in addition to the Synology unit is a Windows 10 machine with the RSAT tools.

The Synology can push out the basic group policies etc., but you are better off managing them by setting the rules up with the Windows RSAT available on Windows 10.

You could also use a more open source approach with Linux and Samba, but the Synology is a lot easier to set up. Set up the DNS and DHCP on the Synology unit. (Make sure to have a good gateway/firewall like pfSense with Snort etc. for intrusion detection.) The DNS on the workstations has to be set as the Synology for the policies to correctly push to the Windows workstations.
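A quick way to confirm that a workstation really uses the Synology for DNS and can locate the DC, as an added PowerShell check that is not part of the answer above. The domain name and the Synology's address are placeholders; run it from an elevated prompt on a domain-joined Windows 10 machine.

```powershell
# Added diagnostic, not from the original answer. Placeholders: replace the
# domain name and the Synology unit's LAN address with your own values.
$Domain = 'corp.example'      # placeholder: your AD DNS domain
$DcAddr = '192.168.1.10'      # placeholder: the Synology unit's IP

# 1. Every active adapter should list the Synology FIRST for DNS. If a public
#    resolver (ISP, 8.8.8.8, ...) comes first, DC discovery fails
#    intermittently and Group Policy silently stops applying.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
       Where-Object { $_.ServerAddresses.Count -gt 0 }
foreach ($a in $dns) {
    $first = $a.ServerAddresses[0]
    $state = if ($first -eq $DcAddr) { 'OK   ' } else { 'WRONG' }
    "{0} {1,-30} first DNS = {2}" -f $state, $a.InterfaceAlias, $first
}

# 2. The DC locator depends on these SRV records in the _msdcs zone; if they
#    do not resolve through the configured DNS, the workstation cannot find
#    the DC at all, no matter what the policies say.
$records = "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain"
foreach ($rec in $records) {
    try {
        $srv = Resolve-DnsName -Name $rec -Type SRV -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        $targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        "OK    $rec -> $targets"
    } catch {
        "FAIL  $rec did not resolve: $($_.Exception.Message)"
    }
}

# 3. Ask the DC locator which DC this machine actually picked, then verify
#    the secure channel (machine-account trust) to it is healthy.
nltest /dsgetdc:$Domain
Test-ComputerSecureChannel -Verbose

# 4. Force a policy refresh and list the applied GPOs. An empty "Applied
#    Group Policy Objects" section usually means step 1 or 2 is still broken.
gpupdate /force | Out-Null
gpresult /r /scope:computer
```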

3

If you're looking at having some management, consistent user accounts and integration with storage, email and other common productivity services without having to spin up on-premises infrastructure along with the initial outlay, maintenance, time and risk of running them: take a look at the following cloud-based solutions:

  • Azure AD join for Windows 10: equivalent to domain joining to AD DS as it provides Single Sign-On and device controls without any on-prem management
  • Azure AD cloud identities: provision user accounts in the cloud without any on-premises servers needed
  • Microsoft Endpoint Manager [aka Microsoft Intune]: equivalent functionality to Group Policies, whilst providing better real-time management and support functions
  • Office 365: provide storage in SharePoint via Teams or the browser, plus the rest of the standard Office applications and much more

For anyone who thinks "this won't work for me, we have no budget for this stuff" – the total cost of ownership (TCO) of cloud technologies like these can often be much lower than on-premises infrastructure, and empower the business/users to achieve and create more, or be more efficient than the limits of whatever can be provisioned and managed on-premises.

Additionally, as mentioned in another answer: not-for-profits, educational organisations and other similar common good organisations often get free or significantly reduced cost cloud licenses from all the major players, even if Microsoft services aren't for you.

Ashley
  • 647
2

As a “small non-profit” you should be able to get Windows Server and Workstation licenses very inexpensively through Tech Soup. https://www.techsoup.org/

I would recommend getting a used server, installing Hyper-V Server (not the Hyper-V role), and setting up a virtual Domain Controller. You could also set up a file server (later).

There are many IT people around who would be happy to show you the ropes. Otherwise, I would definitely recommend paying for some help.

ARoss
  • 21
0

Sadly, AD is a product based on Windows by MS. So the answer is no. But... as others already mentioned, there are some nice AD-like things... Did you check out UCS (Univention Corporate Server)? It is very AD-compatible and lets you do many things pretty easily! Since it's open source, you can use it for free. UCS uses LDAP/Samba, but in a very nice way. I'm using it at a local hackerspace to provide not only a user-account directory; more than that, we love to use its awesome integration with many open-source apps like Nextcloud and such things.

sysadmin1138
  • 135,853
TheRojam
  • 121
-2

You know, there is Apache Directory Server and the client side, Directory Studio. I mean, it's an LDAP Server, and Directory Studio looks and acts a lot like JXplorer, an LDAP browser.

Install the Server (the green one), then install Directory Studio (the blue one) and use it to set up the server instance by entering your LDAP values. Oh, and you may also need to install the Eclipse JDK thingy (not a technical term) too (last I saw it required v11 of Eclipse) in order to get the Directory Server and Directory Studio working right. I hope that helps.

I apologize, I had to get back to my desktop to check the name of the Eclipse thingy. It's called Eclipse Temurin JDK with Hotspot 21.0.2+13 (x64) by Adoptium?.. no glasses at the moment... Found 'em... yes, Adoptium. I needed to install that to get the green and the blue to work together, as I recall. But it was required to get it to work.