What is the use of company computers joining the AD domain?
Description of the AD domain project

I. Centralized rights management and reduced management costs
In a domain environment, all network resources (including users) are centrally managed on a domain controller. Users authenticate to the domain when they log in, and administrators can manage computer resources better, which greatly reduces the cost of managing the network. Preventing employees from installing software at will enhances client security, reduces client failures and lowers maintenance costs. Through domain management, software and patches can be distributed effectively, so that they are installed together across the network and the software in the network stays uniform. Employees' online environment can be restricted and access to websites unrelated to work prohibited.

II. Enhanced security and clearer permissions, which benefits the management of an enterprise's confidential information
For example, one person is allowed to read and write a disk, and another person is not allowed to read or write it; a given file is only for a given person; or some people may see it, but cannot delete, change or move it. You can disable the USB ports of clients to prevent the disclosure of confidential company information. Security is fully integrated with Active Directory. Access control can be defined not only on each object in the directory, but also on the properties of each object. Active Directory provides both the storage and the scope of application for security policies. Security policies can include account information, such as password restrictions within a domain or access rights to specific domain resources; security policies are issued and enforced through Group Policy settings.
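The three permission cases from section II (read/write for one group, see-but-not-change for another, no access for a third), written as NTFS rules on a shared folder. This is an added example, not part of the original article; the folder path, the CORP domain name and the group and user names are hypothetical.

```powershell
# Added example: the path and all CORP\... principals are hypothetical placeholders.
$path    = 'D:\Shares\Finance'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

function New-Rule($identity, $rights, $type) {
    # Build one access control entry that applies to the folder, subfolders and files
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $identity, $rights, $inherit, $prop, $type
}

$acl = Get-Acl -Path $path

# Stop inheriting from the parent folder and discard the inherited entries,
# so a broad grant higher up (for example to all users) no longer applies here.
$acl.SetAccessRuleProtection($true, $false)

# Keep administrative access, otherwise the folder can only be managed by its owner.
$acl.AddAccessRule((New-Rule 'BUILTIN\Administrators' 'FullControl' 'Allow'))
$acl.AddAccessRule((New-Rule 'NT AUTHORITY\SYSTEM'    'FullControl' 'Allow'))

# Case 1: allowed to read and write (Modify also covers delete and rename).
$acl.AddAccessRule((New-Rule 'CORP\Finance-Editors' 'Modify' 'Allow'))

# Case 2: may see the files but cannot delete, change or move them.
$acl.AddAccessRule((New-Rule 'CORP\Finance-Readers' 'ReadAndExecute' 'Allow'))

# Case 3: not allowed to read or write. A principal with no Allow entry already
# has no access; an explicit Deny is only needed to carve one account out of a
# group that is allowed, because Deny entries take precedence over Allow entries.
$acl.AddAccessRule((New-Rule 'CORP\temp.contractor' 'Modify' 'Deny'))

Set-Acl -Path $path -AclObject $acl

# Review the result: every entry should be explicit (IsInherited = False).
(Get-Acl -Path $path).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Granting to domain groups rather than individual accounts keeps the folder's ACL stable when staff change: membership is edited on the domain controller and the file server is left untouched.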

III. Account roaming and folder redirection
Each account's work files and data can be stored on the server, where they can be backed up and managed uniformly, making users' data more secure. When a client fails, the user only needs to install the corresponding software on another client and log in with the same user account. Users will find that their files are still in the "original location" (such as My Documents) and have not been lost, so the fault can be recovered from more quickly. When the server is offline (because of a failure or other circumstances), the "offline folder" technology automatically lets the user continue working with the locally cached version of the files, and synchronizes with the files on the server when logging off or logging on, so that the user's work is not interrupted.

IV. Convenient use of shared resources
Administrators can assign logon scripts that map the root of the Distributed File System (DFS) for unified management. After logging in, users can use network resources just like a local drive letter, without entering the password again. Users only need to remember one user name/password pair. Access, read and modify rights can be set on each resource, and different accounts can have different access rights. Even if the location of a resource changes, the user does not need to do anything; only the administrator needs to modify the link point and set the relevant permissions. Users do not even notice the change of location, and they no longer have to remember which resources are on which server.

V. SMS (Systems Management Server)
It can distribute applications, system patches and so on; users can choose to install them, or they can be installed automatically by the system administrator.
System patches (such as Windows Updates) can also be managed centrally, so that each client does not have to download the same patches separately, which saves a lot of network bandwidth.

VI. Flexible query mechanism
Users and administrators can use the Start menu, Network Neighborhood or the Search command in Active Directory Users and Computers to quickly find objects on the network by their properties. For example, you can find users by first name, last name, e-mail name, office location or other attributes of their accounts. The global catalog is used to optimize searches.

VII. Active Directory with good scalability
Win2k is highly extensible. Administrators can add new object classes to the schema or add new attributes to existing object classes. The schema contains the definition of each object class and of the attributes of the object classes that can be stored in the directory.

VIII. Promote the integration of MS software, such as ISA, Exchange, Team Foundation Server, SharePoint, SQL Server, etc.

IX. Suggestions on domain planning
1. System integration: for enterprise network maintenance, AD and BAD are built in a single-domain, single-site management mode, that is, a primary domain controller and a backup domain controller, and the personnel and computers of each department are centrally managed through OUs (Organizational Units). This management mode reduces cost, management complexity and maintenance.

2. AD (primary domain controller): manages all rights in the company, creates users, and manages and applies the various policies and software to each computer.

3. BAD (backup domain controller): uses the same settings as AD and inherits all the management data on AD, so that company computers can still log in and use network resources if AD fails. The BAD server also acts as the WSUS server (Windows patch server) and manages patch download and installation for all computers in the company. If necessary, ISA Server can also be integrated to manage the company network (online behavior management).

4. It is suggested that the servers in the domain be configured with a Xeon 2.8G and 4G of memory, with the hard disks in RAID as required, and that the AD data be backed up regularly with full, incremental and off-site backups.