活动目录部署方案

XXXX设计院活动目录部署方案建议书北京鹏宇成软件技术有限公司2009年10月目录第1章.活动目录简介···························································································································1第2章.方案建议···································································································································12.1.方案目标·································································································································12.2.管理建议·································································································································22.3.网络架构·································································································································4第3章.部署活动目录···························································································································53.1.安装域控制器·························································································································53.1.1.软硬件配置·····················································································································53.1.2.操作步骤·························································································································63.2.创建组织结构·························································································································63.3.创建用户帐户·························································································································73.4.规划并设置组策略·················································································································73.4.1.计算机配置·····················································································································83.4.2.用户配置·························································································································9第4章.网络服务器加入域·················································································································10第5章.客户端加入域·························································································································11第6章.应用场景·································································································································116.1.一般用户的应用场景···········································································································116.2.网络管理人员的应用场景···································································································12第7章.部署计划及报价·····················································································································127.1.部署报价·······························································································································127.2.相关软件报价·······················································································································13东北电力设计院活动目录部署方案建议书北京鹏宇成软件技术有限公司地址：北京市海淀区知春路6号锦秋国际大厦A座1601-1603室邮编：100088电话：010-82800223网址：是微软目前最新的企业级网络服务器产品版本。活动目录ActiveDirectory则是WindowsServer2008最重要的功能之一。通过有效规划与部署活动目录，将全院所有计算机纳入统一管理框架之下，实现信息利用、信息安全、权限管理、补丁管理、软件资产管理等方面的统一管理和服务。因此，必须重新设计现有的活动目录拓扑结构，充分利用活动目录的管理功能来管理网络中的资源和应用。活动目录是WindowsServer2003/2008域中的目录服务，用来组织网络资源以便于管理和查找。活动目录包括存储网络资源信息的目录以及使得这些资源可以被访问和使用的所有服务。在活动目录中存储的所有网络资源，均被称为对象（Object）。如：用户帐号、组帐号、用户数据、应用程序、计算机、打印机、服务、安全策略、域、树、森林等。每个对象都是由一些属性（attributes）来定义的。活动目录由一个或多个域组成，域是一个安全范围，可以跨越多个物理子网，每个域只保存属于本域的对象。所有安全策略和设置在域之间不能交叉，域管理员在其负责的域中具有设置策略的绝对权力。活动目录的信息存储在一个或多个域控制器上，每个域控制器保存一份关于该域的所有活动目录信息的完整拷贝，并管理这些信息的变化，以及将这些变化自动复制到域中的其它域控制器上。一个域中设置多个域控制器，提供了平衡负载和容错特性。域控制器管理用户与域交互的所有方面，如定位活动目录对象以及验证用户登录请求等。第2章.方案建议2.1.方案目标服务器端服务器运行稳定安全，有完备的安全策略和灾难恢复准备，网络服务有冗余，网络应用负载平衡，网络管理员可远程对服务器进行管理、维护和故障恢复。东北电力设计院活动目录部署方案建议书北京鹏宇成软件技术有限公司地址：北京市海淀区知春路6号锦秋国际大厦A座1601-1603室邮编：100088电话：010-82800223网址：页客户端终端用户使用网络方便，能够有清晰明确的网络访问权限，及时快捷的沟通方式、方便的群体协作工作方式，智能的办公方式、快速的信息查询、及时的技术支持，利用网络极大的提高工作效率。2.2.管理建议软件清单对客户端进行分类规定客户端安装的软件命名规则用户帐户的命名规则计算机帐户的名称规则服务器应用命名规则DHCP、DNS、WINS、IP信息的配置规则口令修改规则用户网络权限规则和记录用户操作客户端的权限文件权限应用程序权限打印权限上网权限邮件权限VPN用户权限数据库权限信息系统修改日志格式和规则IT服务日志记录网络用户常见故障和问题解答FAQ用户培训记录东北电力设计院活动目录部署方案建议书北京鹏宇成软件技术有限公司地址：北京市海淀区知春路6号锦秋国际大厦A座1601-1603室邮编：100088电话：010-82800223网址：页数据备份制度和记录数据备份规范日志备份和查阅网络应用记录和规则增加和删除网络应用记录突发事件响应制度和记录安全事故服务器灾难故障恢复突发事件响应小组及其流程和相应的应对策略东北电力设计院活动目录部署方案建议书北京鹏宇成软件技术有限公司地址：北京市海淀区知春路6号锦秋国际大厦A座1601-1603室邮编：100088电话：010-82800223网址：网络架构从上图中可以看出，活动目录的部署不需要改变现有的网络架构，只需要在服务器端新增加两台服务器提供活动目录服务，创建组织结构及用户帐户，规划组策略；根据实际需要对网络服务器进行分类、整合并加入到新的活动目录中；客户端需要重新进行安装并加入域，保证权限及组策略等成功实施。部署内容部署活动目录东北电力设计院活动目录部署方案建议书北京鹏宇成软件技术有限公司地址：北京市海淀区知春路6号锦秋国际大厦A座1601-1603室邮编：100088电话：010-82800223网址：页安装域控制器创建组织结构创建用户帐户规划并设置组策略网络服务器加入域安全评估系统备份加入域客户端加入域安装操作系统安装防病毒等安全软件安装应用软件加入域第3章.部署活动目录3.1.安装域控制器3.1.1.软硬件配置硬件微机服务器2台CPU：3.2G内存：2G硬盘：300G*2（操作系统镜像）网卡：1000M软件Windows2008ServerR2WindowsUpdates防