活动目录部署方案
合集下载
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
活动目录由一个或多个域组成,域是一个安全范围,可以跨越多个物理子网,每个域 只保存属于本域的对象。所有安全策略和设置在域之间不能交叉,域管理员在其负责的域 中具有设置策略的绝对权力。活动目录的信息存储在一个或多个域控制器上,每个域控制 器保存一份关于该域的所有活动目录信息的完整拷贝,并管理这些信息的变化,以及将这 些变化自动复制到域中的其它域控制器上。一个域中设置多个域控制器,提供了平衡负载 和容错特性。 域控制器管理用户与域交互的所有方面,如定位活动目录对象以及验证用户 登录请求等。
3.1.1. 软硬件配置 ····················································································································· 5 3.1.2. 操作步骤 ························································································································· 6 3.2. 创建组织结构 ························································································································· 6 3.3. 创建用户帐户 ························································································································· 7 3.4. 规划并设置组策略 ················································································································· 7 3.4.1. 计算机配置 ····················································································································· 8 3.4.2. 用户配置 ························································································································· 9 第 4 章. 网络服务器加入域·················································································································10 第 5 章. 客户端加入域 ·························································································································11 第 6 章. 应用场景 ·································································································································11 6.1. 一般用户的应用场景 ··········································································································· 11 6.2. 网络管理人员的应用场景 ··································································································· 12 第 7 章. 部署计划及报价·····················································································································12 7.1. 部署报价 ······························································································································· 12 7.2. 相关软件报价 ······················································································································· 13
XXXX 设计院
活动目录部署方案建议书
北京鹏宇成软件技术有限公司 2009 年 10 月
目录
第 1 章. 活动目录简介 ···························································································································1 第 2 章. 方案建议 ···································································································································1
邮编:100088
电话:010-82800223
网址:http://www.pyc.com.cn
第 3 页 共 13 页
东北电力设计院
2.3. 网络架构
活动目录部署方案建议书
从上图中可以看出,活动目录的部署不需要改变现有的网络架构,只需要在服务器端 新增加两台服务器提供活动目录服务,创建组织结构及用户帐户,规划组策略;根据实际 需要对网络服务器进行分类、整合并加入到新的活动目录中;客户端需要重新进行安装并 加入域,保证权限及组策略等成功实施。
部署内容
部署活动目录
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
邮编:100088
电话:010-82800223
网址:http://www.pyc.com.cn
第 4 页 共 13 页
东北电力设计院
安装域控制器 创建组织结构 创建用户帐户 规划并设置组策略 网络服务器加入域 安全评估 系统备份 加入域 客户端加入域 安装操作系统 安装防病毒等安全软件 安装应用软件 加入域
2.2. 管理建议
软件清单
对客户端进行分类
规定客户端安装的软件
命名规则
用户帐户的命名规则
计算机帐户的名称规则
服务器应用命名规则
DHCP、DNS、WINS、IP 信息的配置规则
口令修改规则
用户网络权限规则和记录
用户操作客户端的权限
文件权限
应用程序权限
打印权限
上网权限
邮件权限
VPN 用户权限
电话:010-82800223
网址:http://www.pyc.com.cn
第 1 页 共 13 页
东北电力设计院
活动目录部署方案建议书
客户端 终端用户使用网络方便,能够有清晰明确的网络访问权限,及时快捷的沟通方式、
方便的群体协作工作方式,智能的办公方式、快速的信息查询、及时的技术支持,利 用网络极大的提高工作效率。
2.1. 方案目标 ································································································································· 1 2.2. 管理建议 ································································································································· 2 2.3. 网络架构 ································································································································· 4 第 3 章. 部署活动目录 ···························································································································5 3.1. 安装域控制器 ························································································································· 5
数据库权限
信息系统修改日志格式和规则
IT 服务日志记录
网络用户常见故障和问题解答 FAQ
用户培训记录
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
邮编:100088
电话:010-82800223
网址:http://www.pyc.com.cn
活动目录是 Windows Server 2003/2008 域中的目录服务,用来组织网络资源以便于管理 和查找。活动目录包括存储网络资源信息的目录以及使得这些资源可以被访问和使用的所 有服务。在活动目录中存储的所有网络资源,均被称为对象(Object)。如: 用户帐号、组 帐号、用户数据、应用程序、计算机、打印机、服务、安全策略、域、树、森林等。每个 对象都是由一些属性(attributes)来定义的。
东北电力设计院
活动目录Baidu Nhomakorabea署方案建议书
第1章. 活动目录简介
Windows Server 2008 是微软目前最新的企业级网络服务器产品版本。活动目录 Active Directory 则是 Windows Server 2008 最重要的功能之一。通过有效规划与部署活动目录, 将全院所有计算机纳入统一管理框架之下,实现信息利用、信息安全、权限管理、补丁管 理、软件资产管理等方面的统一管理和服务。因此,必须重新设计现有的活动目录拓扑结 构,充分利用活动目录的管理功能来管理网络中的资源和应用。
第 2 页 共 13 页
东北电力设计院
数据备份制度和记录
数据备份规范
日志备份和查阅
网络应用记录和规则
增加和删除网络应用记录
突发事件响应制度和记录
安全事故
服务器灾难故障恢复
突发事件响应小组及其流程和相应的应对策略
活动目录部署方案建议书
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
第2章. 方案建议
2.1. 方案目标
服务器端 服务器运行稳定安全,有完备的安全策略和灾难恢复准备,网络服务有冗余,网络
应用负载平衡,网络管理员可远程对服务器进行管理、维护和故障恢复。
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
邮编:100088
3.1.1. 软硬件配置 ····················································································································· 5 3.1.2. 操作步骤 ························································································································· 6 3.2. 创建组织结构 ························································································································· 6 3.3. 创建用户帐户 ························································································································· 7 3.4. 规划并设置组策略 ················································································································· 7 3.4.1. 计算机配置 ····················································································································· 8 3.4.2. 用户配置 ························································································································· 9 第 4 章. 网络服务器加入域·················································································································10 第 5 章. 客户端加入域 ·························································································································11 第 6 章. 应用场景 ·································································································································11 6.1. 一般用户的应用场景 ··········································································································· 11 6.2. 网络管理人员的应用场景 ··································································································· 12 第 7 章. 部署计划及报价·····················································································································12 7.1. 部署报价 ······························································································································· 12 7.2. 相关软件报价 ······················································································································· 13
XXXX 设计院
活动目录部署方案建议书
北京鹏宇成软件技术有限公司 2009 年 10 月
目录
第 1 章. 活动目录简介 ···························································································································1 第 2 章. 方案建议 ···································································································································1
邮编:100088
电话:010-82800223
网址:http://www.pyc.com.cn
第 3 页 共 13 页
东北电力设计院
2.3. 网络架构
活动目录部署方案建议书
从上图中可以看出,活动目录的部署不需要改变现有的网络架构,只需要在服务器端 新增加两台服务器提供活动目录服务,创建组织结构及用户帐户,规划组策略;根据实际 需要对网络服务器进行分类、整合并加入到新的活动目录中;客户端需要重新进行安装并 加入域,保证权限及组策略等成功实施。
部署内容
部署活动目录
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
邮编:100088
电话:010-82800223
网址:http://www.pyc.com.cn
第 4 页 共 13 页
东北电力设计院
安装域控制器 创建组织结构 创建用户帐户 规划并设置组策略 网络服务器加入域 安全评估 系统备份 加入域 客户端加入域 安装操作系统 安装防病毒等安全软件 安装应用软件 加入域
2.2. 管理建议
软件清单
对客户端进行分类
规定客户端安装的软件
命名规则
用户帐户的命名规则
计算机帐户的名称规则
服务器应用命名规则
DHCP、DNS、WINS、IP 信息的配置规则
口令修改规则
用户网络权限规则和记录
用户操作客户端的权限
文件权限
应用程序权限
打印权限
上网权限
邮件权限
VPN 用户权限
电话:010-82800223
网址:http://www.pyc.com.cn
第 1 页 共 13 页
东北电力设计院
活动目录部署方案建议书
客户端 终端用户使用网络方便,能够有清晰明确的网络访问权限,及时快捷的沟通方式、
方便的群体协作工作方式,智能的办公方式、快速的信息查询、及时的技术支持,利 用网络极大的提高工作效率。
2.1. 方案目标 ································································································································· 1 2.2. 管理建议 ································································································································· 2 2.3. 网络架构 ································································································································· 4 第 3 章. 部署活动目录 ···························································································································5 3.1. 安装域控制器 ························································································································· 5
数据库权限
信息系统修改日志格式和规则
IT 服务日志记录
网络用户常见故障和问题解答 FAQ
用户培训记录
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
邮编:100088
电话:010-82800223
网址:http://www.pyc.com.cn
活动目录是 Windows Server 2003/2008 域中的目录服务,用来组织网络资源以便于管理 和查找。活动目录包括存储网络资源信息的目录以及使得这些资源可以被访问和使用的所 有服务。在活动目录中存储的所有网络资源,均被称为对象(Object)。如: 用户帐号、组 帐号、用户数据、应用程序、计算机、打印机、服务、安全策略、域、树、森林等。每个 对象都是由一些属性(attributes)来定义的。
东北电力设计院
活动目录Baidu Nhomakorabea署方案建议书
第1章. 活动目录简介
Windows Server 2008 是微软目前最新的企业级网络服务器产品版本。活动目录 Active Directory 则是 Windows Server 2008 最重要的功能之一。通过有效规划与部署活动目录, 将全院所有计算机纳入统一管理框架之下,实现信息利用、信息安全、权限管理、补丁管 理、软件资产管理等方面的统一管理和服务。因此,必须重新设计现有的活动目录拓扑结 构,充分利用活动目录的管理功能来管理网络中的资源和应用。
第 2 页 共 13 页
东北电力设计院
数据备份制度和记录
数据备份规范
日志备份和查阅
网络应用记录和规则
增加和删除网络应用记录
突发事件响应制度和记录
安全事故
服务器灾难故障恢复
突发事件响应小组及其流程和相应的应对策略
活动目录部署方案建议书
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
第2章. 方案建议
2.1. 方案目标
服务器端 服务器运行稳定安全,有完备的安全策略和灾难恢复准备,网络服务有冗余,网络
应用负载平衡,网络管理员可远程对服务器进行管理、维护和故障恢复。
北京鹏宇成软件技术有限公司 地址:北京市海淀区知春路 6 号锦秋国际大厦 A 座 1601-1603 室
邮编:100088