活动目录部署方案
2.1. 方案目标 ································································································································· 1 2.2. 管理建议 ································································································································· 2 2.3. 网络架构 ································································································································· 4 第 3 章. 部署活动目录 ···························································································································5 3.1. 安装域控制器 ························································································································· 5
XXXX 设计院
活动目录部署方案建议书
北京鹏宇成软件技术有限公司 2009 年 10 月
目录
第 1 章. 活动目录简介 ···························································································································1 第 2 章. 方案建议 ···································································································································1
数据库权限
信息系统修改日志格式和规则
IT 服务日志记录
网络用户常见故障和问题解答 FAQ
用户培训记录
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
邮编:100088
电话:010-82800223
网址:
电话:010-82800223
网址:
第 1 页 共 13 页
东北电力设计院
活动目录部署方案建议书
客户端 终端用户使用网络方便,能够有清晰明确的网络Байду номын сангаас问权限,及时快捷的沟通方式、
方便的群体协作工作方式,智能的办公方式、快速的信息查询、及时的技术支持,利 用网络极大的提高工作效率。
2.2. 管理建议
软件清单
对客户端进行分类
规定客户端安装的软件
命名规则
用户帐户的命名规则
计算机帐户的名称规则
服务器应用命名规则
DHCP、DNS、WINS、IP 信息的配置规则
口令修改规则
用户网络权限规则和记录
用户操作客户端的权限
文件权限
应用程序权限
打印权限
上网权限
邮件权限
VPN 用户权限
活动目录是 Windows Server 2003/2008 域中的目录服务,用来组织网络资源以便于管理 和查找。活动目录包括存储网络资源信息的目录以及使得这些资源可以被访问和使用的所 有服务。在活动目录中存储的所有网络资源,均被称为对象(Object)。如: 用户帐号、组 帐号、用户数据、应用程序、计算机、打印机、服务、安全策略、域、树、森林等。每个 对象都是由一些属性(attributes)来定义的。
第 2 页 共 13 页
东北电力设计院
数据备份制度和记录
数据备份规范
日志备份和查阅
网络应用记录和规则
增加和删除网络应用记录
突发事件响应制度和记录
安全事故
服务器灾难故障恢复
突发事件响应小组及其流程和相应的应对策略
活动目录部署方案建议书
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
3.1.1. 软硬件配置 ····················································································································· 5 3.1.2. 操作步骤 ························································································································· 6 3.2. 创建组织结构 ························································································································· 6 3.3. 创建用户帐户 ························································································································· 7 3.4. 规划并设置组策略 ················································································································· 7 3.4.1. 计算机配置 ····················································································································· 8 3.4.2. 用户配置 ························································································································· 9 第 4 章. 网络服务器加入域·················································································································10 第 5 章. 客户端加入域 ·························································································································11 第 6 章. 应用场景 ·································································································································11 6.1. 一般用户的应用场景 ··········································································································· 11 6.2. 网络管理人员的应用场景 ··································································································· 12 第 7 章. 部署计划及报价·····················································································································12 7.1. 部署报价 ······························································································································· 12 7.2. 相关软件报价 ······················································································································· 13
第2章. 方案建议
2.1. 方案目标
服务器端 服务器运行稳定安全,有完备的安全策略和灾难恢复准备,网络服务有冗余,网络
应用负载平衡,网络管理员可远程对服务器进行管理、维护和故障恢复。
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
邮编:100088
活动目录由一个或多个域组成,域是一个安全范围,可以跨越多个物理子网,每个域 只保存属于本域的对象。所有安全策略和设置在域之间不能交叉,域管理员在其负责的域 中具有设置策略的绝对权力。活动目录的信息存储在一个或多个域控制器上,每个域控制 器保存一份关于该域的所有活动目录信息的完整拷贝,并管理这些信息的变化,以及将这 些变化自动复制到域中的其它域控制器上。一个域中设置多个域控制器,提供了平衡负载 和容错特性。 域控制器管理用户与域交互的所有方面,如定位活动目录对象以及验证用户 登录请求等。
