Naming Your Domain
Microsoft strongly recommends that you register a public domain and use subdomains for the internal DNS Technet Article. So, register a public DNS name, so you own it. Then create subdomains for internal use (like ad.example.org, corp.example.org, dmz.example.org, extranet.example.org) and make sure you've got your DNS configuration setup correctly.
Prevent non-admins from joining computers to your domain:
- Right click your domain name and select Properties
- Click the Attribute Editor tab
- Find ms-DS-MachineAccountQuota and change the value to 0.
When a user account is no longer needed, don't delete the user, just disable it and if desired put it in a “Disabled” folder. If after a period of time the account hasn't been needed you can then delete the account.
Always assign permissions to a group rather than to individual users, even if it means creating a group for one user. This greatly streamlines administration during employee turnover and re-assignments.
Use a name that describes the purpose and permissions of the group. For example Access to Scans Folder (M) would be providing access/modify permissions on the scans folder.