Group Policy

Project Overview
Chuangxin Company is a network project integration enterprise. Through sound operation and management, the company has developed rapidly and now has about 100 employees. To meet the needs of its future development and business operations, the company plans to deploy a local area network of about 100 computers for corporate data communication and resource sharing.
In view of the above situation, using the "domain" and "OU" features of Windows Server 2016 lets the network structure completely match the company's management model, so that users and computers in the network are managed according to the company's management hierarchy. A single-domain structure is adopted, with the domain name chuangxin.com.cn. Compared with a multi-domain structure, it centralizes the management of network resources and keeps management simple and low-cost. To ensure reliability, two domain controllers need to be installed.
OUs are divided by company department, five OUs in total, and the company network environment is managed centrally in a domain environment.

Design requirements
Company requirements
The company is managed by department: each department has a manager, and all departments are under the unified management of the general manager. Accounts of one department cannot log in to other departments, and are only allowed to log in to computers during working hours. Department managers should have the right to add employees in their own department and to reset their accounts and passwords, which reduces the workload of managing employees. The company has a sound user management system: all users follow a unified naming convention, and user accounts are managed by department.
Policy requirements
The security of employee accounts and passwords must be ensured: employees are required to change their passwords regularly, and there must be limits on attempts to guess passwords. To present a unified company image, the desktop background of the company's computers must be uniform, but the marketing department uses a different background of its own. Employees must not be able to change the desktop background at will, although department managers are not subject to this restriction. Certain departments of the company are prohibited from using Registry Editor. The "MBSA" software is distributed to each employee's office machine.
Domain management requirements
So that the two domain controllers can provide services faster, some of the operations master roles on the primary domain controller need to be transferred to the additional domain controller. To ensure the security of employee account information, the Active Directory database is backed up regularly.

Project implementation

User accounts
Create unique domain user accounts for each department's employees in that department's OU. The departments are divided as follows:
Personnel Department: Responsible for personnel recruitment, overall coordination of various departments, event planning, etc.
Technical Department: Responsible for office network management and maintenance, pre-sales and after-sales technical support, etc.
Project Department: Responsible for project planning goals, project establishment, organization and implementation, etc.
Marketing Department: Responsible for customer contact, project negotiation, market promotion, etc.
Finance Department: Responsible for salary settlement, company account management, etc.

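    The account name is the pinyin of the employee's name. Domain user accounts are required to change their password at first logon.
    The minimum password length is 8, and passwords must meet the complexity requirements.
    Create a global group for each department.
    The AD DS management tools need to be installed on the department managers' computers.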
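
The account requirements above can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original post; the English OU names, the "<department>-Staff" group names and the user "zhangsan" are assumptions made for illustration.

```powershell
# Added example. OU names, group names and the sample user are assumptions.
Import-Module ActiveDirectory

$domainDN    = 'DC=chuangxin,DC=com,DC=cn'
$departments = 'Personnel', 'Technical', 'Project', 'Marketing', 'Finance'

foreach ($dept in $departments) {
    # One OU per department, protected against accidental deletion
    New-ADOrganizationalUnit -Name $dept -Path $domainDN `
        -ProtectedFromAccidentalDeletion $true

    # One global security group per department, stored in the department's OU
    New-ADGroup -Name "$dept-Staff" -GroupScope Global -GroupCategory Security `
        -Path "OU=$dept,$domainDN"
}

# Domain password policy: minimum length 8, complexity requirements enforced
Set-ADDefaultDomainPasswordPolicy -Identity 'chuangxin.com.cn' `
    -MinPasswordLength 8 -ComplexityEnabled $true

# Constructed sample employee: the account name is the pinyin of the name.
# The initial password is typed in, never stored in the script.
$initial = Read-Host -AsSecureString -Prompt 'Initial password for zhangsan'
New-ADUser -Name 'zhangsan' -SamAccountName 'zhangsan' `
    -UserPrincipalName 'zhangsan@chuangxin.com.cn' `
    -Path "OU=Technical,$domainDN" `
    -AccountPassword $initial `
    -ChangePasswordAtLogon $true `
    -Enabled $true

# Put the account into its department's global group
Add-ADGroupMember -Identity 'Technical-Staff' -Members 'zhangsan'
```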


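    The delegated department managers have permissions such as modifying and deleting users among their own department's employees, and can set the employees' system logon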


Establishing Group Policy
Group Policy restricts the desktop background of employees' office computers to be consistent. The marketing department is treated differently, and through filtering, department manager accounts are not affected by this policy.


Establish a group policy that prohibits the personnel department, marketing department and finance department from using Registry Editor.
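
The desktop background policy and the Registry Editor prohibition described above, built with the GroupPolicy PowerShell module. This is an added example, not part of the original post; the GPO names, the "<department>-Staff" groups (assumed not to contain department managers), the English OU names and the wallpaper paths are assumptions.

```powershell
# Added example. GPO names, group names and the wallpaper UNC paths are assumptions.
Import-Module GroupPolicy

$domainDN = 'DC=chuangxin,DC=com,DC=cn'
$sysKey   = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$deskKey  = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'

function New-WallpaperGpo {
    param([string]$Name, [string]$Image, [string]$Target, [string[]]$ApplyTo)

    New-GPO -Name $Name | Out-Null
    # "Desktop Wallpaper" policy: image path and style (2 = stretch)
    Set-GPRegistryValue -Name $Name -Key $sysKey -ValueName 'Wallpaper' -Type String -Value $Image | Out-Null
    Set-GPRegistryValue -Name $Name -Key $sysKey -ValueName 'WallpaperStyle' -Type String -Value '2' | Out-Null
    # "Prevent changing desktop background" policy
    Set-GPRegistryValue -Name $Name -Key $deskKey -ValueName 'NoChangingWallPaper' -Type DWord -Value 1 | Out-Null

    # Security filtering: Authenticated Users keep Read only, so the GPO applies
    # solely to the listed staff groups. Manager accounts are assumed not to be
    # members of those groups and are therefore unaffected.
    Set-GPPermission -Name $Name -TargetName 'Authenticated Users' -TargetType Group `
        -PermissionLevel GpoRead -Replace | Out-Null
    foreach ($group in $ApplyTo) {
        Set-GPPermission -Name $Name -TargetName $group -TargetType Group `
            -PermissionLevel GpoApply | Out-Null
    }
    New-GPLink -Name $Name -Target $Target | Out-Null
}

# Company-wide background, linked at the domain root
New-WallpaperGpo -Name 'Wallpaper-Company' -Image '\\chuangxin.com.cn\NETLOGON\company.jpg' `
    -Target $domainDN -ApplyTo 'Personnel-Staff', 'Technical-Staff', 'Project-Staff', 'Finance-Staff'

# Marketing gets its own background through a GPO linked to its OU
New-WallpaperGpo -Name 'Wallpaper-Marketing' -Image '\\chuangxin.com.cn\NETLOGON\marketing.jpg' `
    -Target "OU=Marketing,$domainDN" -ApplyTo 'Marketing-Staff'

# Registry Editor prohibition for three departments.
# DisableRegistryTools = 2 also blocks silent "regedit /s" imports.
New-GPO -Name 'Deny-Regedit' | Out-Null
Set-GPRegistryValue -Name 'Deny-Regedit' -Key $sysKey -ValueName 'DisableRegistryTools' `
    -Type DWord -Value 2 | Out-Null
foreach ($dept in 'Personnel', 'Marketing', 'Finance') {
    New-GPLink -Name 'Deny-Regedit' -Target "OU=$dept,$domainDN" | Out-Null
}
```

Running gpresult /r as a staff account and as a manager account on a client shows which of these GPOs were applied and which were filtered out.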

Establish a software distribution policy and distribute the "MBSA" software to all employees' office machines.
Use a fine-grained policy to treat the finance department separately.

Domain management
Establish an additional domain controller.

Transfer the three roles of RID master, PDC emulator and infrastructure master to the additional domain controller.

Manually back up Active Directory once. An automatic Active Directory backup is performed every Saturday at 10 pm by a scheduled task, and the AD Recycle Bin is enabled.
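
The role transfer, the backups and the Recycle Bin step above as one script. This is an added example, not part of the original post; the host name DC2 for the additional domain controller, the E: backup volume and the task name are assumptions.

```powershell
# Added example. DC2 and the E: backup volume are assumptions; run on a domain controller.
Import-Module ActiveDirectory

$dc2   = 'DC2'   # assumed host name of the additional domain controller
$roles = 'RIDMaster', 'PDCEmulator', 'InfrastructureMaster'

# Transfer the three domain-wide roles, then confirm the new holders
Move-ADDirectoryServerOperationMasterRole -Identity $dc2 -OperationMasterRole $roles -Confirm:$false
$domain = Get-ADDomain
foreach ($role in $roles) {
    if ($domain.$role -notlike "$dc2.*") {
        throw "$role is still held by $($domain.$role)"
    }
}

# Windows Server Backup provides wbadmin's system state backup on a DC
Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
$wbArgs = 'start systemstatebackup -backupTarget:E: -quiet'

# One manual backup now
Start-Process -FilePath 'wbadmin.exe' -ArgumentList $wbArgs -Wait -NoNewWindow

# Automatic backup every Saturday at 22:00, run as SYSTEM
$action    = New-ScheduledTaskAction -Execute 'wbadmin.exe' -Argument $wbArgs
$trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Saturday -At '22:00'
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName 'AD-SystemState-Backup' -Action $action `
    -Trigger $trigger -Principal $principal | Out-Null

# Enable the AD Recycle Bin for the forest (this cannot be undone)
Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' -Scope ForestOrConfigurationSet `
    -Target 'chuangxin.com.cn' -Confirm:$false
```

The system state backup contains the Active Directory database, so the backup volume needs the same access restrictions as the domain controllers themselves.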

Origin blog.51cto.com/15070913/2576857