The big job is not setting up the AD itself, that's the easy part as long as you aren't going to need setup a whole forest and trusts or cross forest trust, saml, federation and stuff, that's where stuff can really get hairy and you need to have both networking, application and AD knowledge going.
Now, the big thing is, what are the AD supposed to do. As PainIs4ThaWeak1 already was in on, GPO's rights, etc. What are your structure supposed to enforce. Is it only going to be a basic user directory. Do you wan't to have integrations with other things, like group membership will give access to mail, business systems, vpn, etc.
How does the organisation look today. Do you have separation of duties setup, or is data all contained locally, or on shares, how are rights setup today.
What do you wan't to do with the AD. Do you have a need for controlling rights, application logins, share access, etc.
What it boils down to is not the technical side, but the organisational side of what policies you have and if you have a need to enforce them, and in that case, which parts will the AD help you enforce.
Also, AD generally have zip to do with networking. In a larger organisations, I've mostly seen separation into separate groups with AD/Exchange(mail), Client, Server, Security(Technical and Informational groups), Networking (routing/Switching and Firewall/proxy/vpn groups).
Edit: With regards to upkeep, you need to have a schedule for patching, and if you are going to start using AD for rights and logins, who and when will new employees be configured, is it a big turnaround, what are the defaults going to be. What about any other incidents or changes that needs to be performed, etc.And also, backups, and recovery plans. What happens if/when the AD goes down, for how long can you work without it, can you survive on local login for profiles for a few days.
Now, for small shops they usually call their usual contact, or put in a ticket to the ones doing the consulting, so just make sure that expectations are in the right place. And depending if they have anybody at least a bit tech savy themselves, can some things be performed in the day-to-day business, like setup of new users, assigning rights, etc. What are needed for this, instructions for certain tasks, etc.
Last edited by Aphasia
on Mon Jul 13, 2015 2:51 pm, edited 1 time in total.