Thanks for the post, super appreciate the posting of other communities. I think this is a great way to grow Lemmy and create discoverability for niche communities, I’ll keep that in mind myself on future opportunities.
If he recognized his typo with the space after the D:\ in his restore command he could have been saved at the bargaining stage. I am so glad I don’t work with this stuff anymore.
The attack vectors I’m thinking of just come from the inherent complexity and centralization. I’m just considering the amount of damage that can be done with a compromised DA account for example vs a non directory environment.
It’s complicated. Done right it can be more secure, not done right it’s less secure.
I also only get brought in for problems for the last however many years, so I’m probably a bit biased at this point haha.
I have had to tell companies they are going to have to rebuild their AD from scratch because they didn’t know what their DSRM password was (usually after a ransomware attack). These are the sort of hassles I think about vs non AD.
You could look at freeIPA or something similar to stay on Linux.
I’m an AD specialist, starting when it came out with server 2000, and can tell you it’s a waste of time for a home network unless you are doing this just because you want to learn it.
It will definitely not make your life any easier, and will increase attack vectors, especially if you don’t know how to secure and protect it.
And also not updating them when things change. The recovery process for a database changes considerably once it’s involved in replication, which one client found out the hard way.
It’s datacapped at 1TB before you get throttled, and the performance is always degrading, and you have to buy from an asshole.
I’d do it if I was desperate, but it’d essentially have to be the only option available.
For Windows it absolutely is in order of listing however. Typical behaviour is no reply after a second against the primary DNS results in it moving down the list.
Redundancy aside, this is more important when you span multiple datacenters and always want lookups going to the completely local or most local DC available.
TIL about the Linux/BSD not having preference though. Good to know.