I've been pulling together some old project notes about have arrived at a reasonable start to maintain strong security and avoid configuration issues. Here's the list. Do you have any additional recommendations?
These suggestions could take five to six full days of work to implement, but are worth the investment in view of the multitude of security risks that AD is vulnerable to when it’s not hardened. The only thing that "scares" me is that many SMEs probably lack the resources to pull this off without hiring a truckload of consultants.