Fully Functional Domain from Zero

gjacobse

(every time I hear "Fully Function" I wanna say ",...Friction Folder" which is from watching Forged in Fire.)

What would be the 'expected timeline' on building a Fully Functional Domain from Zero? Domain names are planned,.. but as of yet nothing purchased.

Now, I realize that some aspects of that depend on how many people need to be on boarded - but also not really with the use of things discussed with @EddieJennings using Powershell and such things.

If you don't need much in the way of hardware to spin up, you can use AAD & O365.

But, could one say - a core system minus the needed desktops for users, and any onsite servers for needs could be spun up in 1-3 days? Much of that time likely needed just for proper replications?

Dashrender

@gjacobse I think we need a lot more details.

You're talking about domains - but do you mean AD or AAD or something else?

JasGot

@gjacobse Your questions leave out a lot of information.

I just did this in under three hours:

1. registered a new domain
2. brought it to life on a WHM/cPanel server as domain.tld
3. unboxed three Dell PE 540s
4. powered them on
5. built a new AD Domain on the first 540 using a subdomain (ad.domain.tld) from step one
6. provisioned DHCP
7. provisioned DNS
8. added the other two 540s to the new subdomain
9. installed our RMM software on all three
10. created one OU and one user in AD
11. added our default (standard) GPO policies

Since it was time for lunch, I kicked off Windows updates and left. After lunch we boxed them up and took them to their rack at the customer and powered them back on.

We' joined one PC to the domain and logged in as the user created in step 10. Everything beyond this is customer specific (read: "Custom")

This fully functional three server domain was ready to go in three hours. It took another 4 hours to get lunch, box them up and drive them over to the customer site and load them in the rack and power them on and join that one PC.

If you have nothing else going on, this is a one day task. If you have other projects in motion, 3 days is reasonable.

Dashrender

I feel it's weird to talk about AAD as a domain, but that's just probably me.

Spinning up a greenfield AAD should take about 20 mins - If the real email domain is already owned and controlled by you, you can setup ADD using that straight out of the gate, and skip the whole OnMicrosoft.com domain stuff - but I ran into something about 8 months ago (i completely forget the details) that seemed to imply not having the OnMicrosoft.com stuff in there could cause other issues.

Generally you can setup a new AAD by just creating a new account, creating the first user in that account - and ta da... done.

Then add your email domain name.

I'm not sure what more you want setup - of course there are many things you can do to lock it down.. Daniel B will know all that stuff.

Dashrender

@jasgot said in Fully Functional Domain from Zero:

@gjacobse Your questions leave out a lot of information.

I just did this in under three hours:

1. registered a new domain
2. brought it to life on a WHM/cPanel server as domain.tld
3. unboxed three Dell PE 540s
4. powered them on
5. built a new AD Domain on the first 540 using a subdomain (ad.domain.tld) from step one
6. provisioned DHCP
7. provisioned DNS
8. added the other two 540s to the new subdomain
9. installed our RMM software on all three
10. created one OU and one user in AD
11. added our default (standard) GPO policies

Since it was time for lunch, I kicked off Windows updates and left. After lunch we boxed them up and took them to their rack at the customer and powered them back on.

We' joined one PC to the domain and logged in as the user created in step 10. Everything beyond this is customer specific (read: "Custom")

This fully functional three server domain was ready to go in three hours. It took another 4 hours to get lunch, box them up and drive them over to the customer site and load them in the rack and power them on and join that one PC.

If you have nothing else going on, this is a one day task. If you have other projects in motion, 3 days is reasonable.

WTH? Windows Server on bare metal? It's not 1998...

gjacobse

@jasgot

You must have been sitting on the Dell PEs then... with the shortage things are on back order.

But - good to know.

gjacobse

@dashrender

Do you mean AAD over ADD?

Dashrender

@gjacobse said in Fully Functional Domain from Zero:

@dashrender

Do you mean AAD over ADD?

Type-o - fixed.

I meant AAD vs AD - i.e. cloud vs likely onprem or colo

gjacobse

@dashrender said in Fully Functional Domain from Zero:

@gjacobse I think we need a lot more details.

You're talking about domains - but do you mean AD or ADD or something else?

Everything needed for a proper Domain - Lan-less or not - for a new business that until you walked through the door - didn't / doesn't have anything. Not even a purchase order for a server or services.

Dashrender

@gjacobse said in Fully Functional Domain from Zero:

@dashrender said in Fully Functional Domain from Zero:

@gjacobse I think we need a lot more details.

You're talking about domains - but do you mean AD or ADD or something else?

Everything needed for a proper Domain - Lan-less or not - for a new business that until you walked through the door - didn't / doesn't have anything. Not even a purchase order for a server or services.

Why even talk about a domain? Listening to Scott, and some others, those are basically dead....

Even if I go full on M365, and join Win10 computers to AAD, I barely look at it as a domain.. even though, yeah.. it is one.

JaredBusch

@gjacobse said in Fully Functional Domain from Zero:

proper Domain - Lan-less or not -

You are mixing things up for certain, because those two things don't mean shit to each other.

Domain != AD or AAD unless you are specifically asking for a Windows Domain.

So stop, go back to simple and clarify WTF you want.

Edit: @scottalanmiller would be like 20 posts in already on this if he was around.

Dashrender

@gjacobse

If I'm walking into a greenfield situation - I would likely skip any and all local infrastructure as much as possible.

Setup an account on M365, no licenses are actually required - you just can't do much (like no email, etc) without a license. But you can administrate the environment.

Purchase email domain name if not already acquired.

Setup domain name in M365
setup security settings in M365
Create users in M365
pass out credentials

Done

As for the local network - ER4 or whatever is current at that level for gateway and DHCP.

Dashrender

I'm not in a greenfield setup, and I'm still actually trying to ask this same question - but I have several requirements.

20 shared front desk computers - each user needs to be able to log in as themselves at any of them (personalized logon required so they can lock the machine when they step away)

deploy printers automatically

gather windows update status

access shared files from anywhere

Access email from anywhere

remotely manage machines

I'm sure there are more if I spend time thinking about it.

JasGot

@gjacobse said in Fully Functional Domain from Zero:

But, could one say - a core system minus the needed desktops for users, and any onsite servers for needs could be spun up in 1-3 days?

I took this to mean "maybe the hardware is already acquired".

gjacobse

@jasgot said in Fully Functional Domain from Zero:

@gjacobse said in Fully Functional Domain from Zero:

But, could one say - a core system minus the needed desktops for users, and any onsite servers for needs could be spun up in 1-3 days?

I took this to mean "maybe the hardware is already acquired".

No - No hardware. Greenfield

JasGot

@gjacobse said in Fully Functional Domain from Zero:

@jasgot said in Fully Functional Domain from Zero:

@gjacobse said in Fully Functional Domain from Zero:

But, could one say - a core system minus the needed desktops for users, and any onsite servers for needs could be spun up in 1-3 days?

I took this to mean "maybe the hardware is already acquired".

No - No hardware. Greenfield

Okay. Then 21 days for Hardware.

EddieJennings

@gjacobse said in Fully Functional Domain from Zero:

Now, I realize that some aspects of that depend on how many people need to be on boarded - but also not really with the use of things discussed with @EddieJennings using Powershell and such things.

Didn’t think your were in a greenfield, unless you’re asking hypothetically.

gjacobse

@eddiejennings said in Fully Functional Domain from Zero:

@gjacobse said in Fully Functional Domain from Zero:

Now, I realize that some aspects of that depend on how many people need to be on boarded - but also not really with the use of things discussed with @EddieJennings using Powershell and such things.

Didn’t think your were in a greenfield, unless you’re asking hypothetically.

Different project - not current employment / involvement.

Dashrender

@gjacobse Can we start over with a list of requirements instead of thinking we must start with 'domain'?

PhlipElder

@gjacobse Set up the Hyper-V host from scratch about 60-75 minutes up to date.

Set up the required base OS virtual machines about 45-60 minutes (count does not matter).

Greenfield Active Directory, OUs, GPOs, DNS, DHCP, Folders, and Shares about 45-60 minutes.

Import and configuration of base GPOs about 60 minutes.

Exchange on-premises about 30 minutes post Exchange install.

Script to set up users, their groups, and their mailbox about 60 minutes.

Time to run the script: 60 seconds.

Done.

User count does not matter. All in PowerShell.

And yes, all of our clients are on-premises Exchange.

EDIT: We charge a flat fee for the above.