I'm currently tasked with designing and configuring the Active Directory (AD) setup for my startup, which has three office branches in the same country. This is my first experience with servers and AD, and I feel a bit overwhelmed.
My main goals are to establish a centralized authentication system, create a foundation for future centralized control of all hosts (using Group Policies, policies, etc.), and set up a simple, reliable, and secure AD design that isn't over-engineered, given our startup environment.
I'm aware that my requirements might sound vague as I'm still learning the core concepts, but I want to ensure I deliver a working solution.
Here's what I'm looking for help with:
- Recommended AD architecture (like forest, domain, sites)
- Placement of Domain Controllers across branches
- Best practices for DNS, replication, and security
- Common pitfalls for beginners to avoid
- Real-world advice that could have helped you when you started
Any guidance from experienced admins would be greatly appreciated! Thanks!
3 Answers
Have you considered whether you truly need an on-prem AD? For a startup, using Entra ID combined with Intune could save you a lot of headaches. It’s simpler and more flexible.
Honestly, if you're just starting out, it might be beneficial to bring in a third-party consultant to help you design the system. There's a lot to consider, and starting on the right foot can save you down the line!
I can second the recommendation for using a cloud-native approach with Entra and Intune. They come with plenty of resources and guides to help you out. And if you do still need on-prem solutions, make sure you check out the Microsoft guidelines for securing AD.
Yeah, I totally agree with this! AD feels outdated, especially with everything moving to the cloud these days.