Win 8.1 user accounts and Active Directory

Hi all

At my company we are currently running a server (with Windows Server 2012 R2 Standard), without Active Directory, and we have a bunch of laptops running Windows 8.1 Pro. Now we want to install Dynamics CRM which requires an Active Directory domain.

I am trying to run through every anticipated problem before I do the domain configuration. The last problem that I anticipate is the following:

Our MD's laptop is currently logging in without a Microsoft account (in other words, he uses a standard local user profile in Windows 8.1 Pro). He has a whole lot of data in this profile. So now, when we configure the domain, obviously he will have to sign in using an Active Directory username and password. So question 1 is, is it possible to synchronize the current non-Windows Live account with the domain account? And second question is, when he's working from home, without the domain controller to authenticate logins, will he still be able to access his data and profile? In other words, what I'm really asking is, will we be able to kind of integrate the Active Directory account and local account as one account, but the authentication is AD based when he's at the office, but local if he's at home?

Thank you!

You really are best to consult with someone in your area, that can better assist you with what you are wanting to do. Unless you have an IT/LAN coordinator that knows how to do this stuff. This is something that is deeper than what we can help you on here.

There is the Slipstick.com website. It is dedicated to this kind of stuff. Slipstick Solutions is probably going to be your best resource.

Lotster said:

Our MD's laptop is currently logging in without a Microsoft account (in other words, he uses a standard local user profile in Windows 8.1 Pro). He has a whole lot of data in this profile. So now, when we configure the domain, obviously he will have to sign in using an Active Directory username and password. So question 1 is, is it possible to synchronize the current non-Windows Live account with the domain account?

Click to expand...

You will end up with 2 profiles under C:\users. My recommendations, just copy the items from one to the other. It's just My Documents, the desktop, and Internet favorites. It's the same sort of thing that I have to do when I upgrade a person at work from one computer to a new one.

Lotster said:

And second question is, when he's working from home, without the domain controller to authenticate logins, will he still be able to access his data and profile? In other words, what I'm really asking is, will we be able to kind of integrate the Active Directory account and local account as one account, but the authentication is AD based when he's at the office, but local if he's at home?

Thank you!

Click to expand...

Yes, when you log in against Active Directory, the machine will cache your account credentials. If you logon from home, with the domain controller not available, when you supply your username and password it logs in against those cached credentials.

The user will NOT use their local profile unless they login to the machine with the \\machinenname\local account. It will always use their domain profile, even when off the network and the domain controller is unavailable.

With an Active Directory domain, be sure that you setup at least 2 domain controllers. This way you have redundancy in case one of your domain controllers were to die. Nothing worse than having your entire domain down. Of course, this does mean you have to buy another license for Windows server. You may or may not need hardware to run it. All of our domain controllers are VMWare virtual machines these days.

broe23 said:

You really are best to consult with someone in your area, that can better assist you with what you are wanting to do. Unless you have an IT/LAN coordinator that knows how to do this stuff. This is something that is deeper than what we can help you on here.

Click to expand...

Some of us are IT guys and do this stuff for a living. Lots of us on this forum with this kind of experience.

pparks1 yes we all do this stuff for a living. But going through the information on what to do on an Internet forum. Does not replace one on one with a Consultant, that can be there on sight showing the OP what they need to do. Also be able to show up when they run into problems.

I look at these kind of subjects as more on the Classroom side of things, not hands on. That is because of how I was taught by my father, and through Navy IC school classroom & lab training. You can be taught only so much on a forum. But not able to actually have someone sit down with you and walk you through what you need to do, or show you how to do it in person. It not the same.

I spent a lot of time working on multi-million dollar navigational/gyro equipment, along with the IVCS telephone system. If you screwed something up, because you did not know what you were doing. Just because you read it in a manual or on a PMS card. Your rear was going up in front of not only the old man (CO), but also in front of the XO, ChEng, LPO & a couple of Chiefs (Master Chief if you really got the bad luck of the draw).

Even when I have people call me or email me about something. I will always just tell them to give me enough time to get to their place and fix it. Other than try and talk them through it over the phone, if it is something major like the OP is trying to do. The one site that they may want to look at, which has a lot of good information on this. Would be Outlook and Exchange Solutions Center - Slipstick Systems . They have been around since the days of the beginning of the Internet. About Slipstick Systems - Slipstick Systems

In all fairness i believe what pparks as suggested is great and probably would have said a very similar thing myself.

@broe23 i get what you are saying and by no means saying you are wrong but there are 2 main questions here that are both relatively simple and everyday tasks that i do.

1. Copy / Paste data from 1 profile to the other (Obviously computers will be computers and sometimes the most simplest of tasks turn out to be a pain)

2. The explanation of logging into the laptop away from the domain, as in it will used his cached credentials on the domain account but he won't actually be on the domain unless he connects via VPN etc..

Regards,
Jamie

@Broe23: Yeah I wouldn't try to explain all the steps to setting up Active Directory, but answering his direct questions were easy and straight-forward. I understand the beauty of formal training, but in so may businesses these days they are doing anything to save money and often times training and consulting budgets are cut and they simply try to wing it. Lots of IT technologies are setup using forums, and online training (from places like PluralSight).