How to build a network from scratch in the office (160+ computers, 20+ IP cameras)?
I opened the question and a stream of water gushed out of the monitor, so immediately to the questions:
Yes, put in MikroTiks if you want to level up. As switches, HP, for example. You can also use D-Link; do not listen to couch crows.
Everything is in the closet, so that later you don’t run around the floors and look for the cause of the breakdown.
It’s hemorrhoids in the offices, I wouldn’t do anything at all, the network is small.
Properly, it would be necessary to do everything correctly, from scratch, with perforation, cable channels and marking, but personally I would do this only if the salary started from at least 70+ thousand rubles, without subsequent reductions and layoffs.
And, yes, AD should still be configured, and DNS with DHCP on Windows Server should be sorted out.
First, decide on the budget, time and what you have, estimate the possible risks.
I would start by raising hyper-v (as I understand it, you have a license), one license is a host + 2 virtual machines, I would make a backup and recovery plan. I would raise the active directory, create accounts and introduce all this crap into the domain. Of the expenses - your time, the time of specialists, while you set up accounts for them from AD. Install new operating systems if possible. Under the server room, it is highly desirable to allocate a separate room with 1-2 air conditioners and at least a UPS, not to mention a backup power line.
With a network, there are obviously more direct expenses. It is necessary to estimate whether it is possible to put everything in one switching rack, or you need several racks for the enterprise. We consider the cost of cable, switching cabinets, how many meters to the most remote points, sockets, marking, cable channels and other construction temple + downtime during repair + space (HIGHLY DESIRED CLOSED, the same server room) in which all this will be located. Discuss with your superiors whether it is advisable to buy managed switches (with the same storm control and other protocols), or the desk will wait a day without problems while you rush like crazy looking for what kind of bad employee decided to connect an unconnected cable to the socket and where exactly, a day before figuring out that this is still a broadcast storm. It is necessary to draw a diagram. Everything must be clear and signed. As a gateway, Mikrotik is more than normal. AND OF COURSE, you lay more outlets for each room than there are users by 20-80 percent, depending on the situation.
In the described, I don’t see the need to cut vlans and somehow segment the network, but maybe you don’t agree on something, or I underestimate. Unless, video cameras are in a separate subnet and a separate vlan (although the second is not necessary, depending on the connection scheme).
For printers, you might think about a print server. For remote access, a PPTP server on Mikrotik.
If you want to somehow cut access by departments, make several ads, segment the network, etc. that's another question.
That's what I figured right off the bat. In general, it all depends on funding.
"30% of computers are still on xp, the rest are 7!"
"Answered 5 hours ago."
Quit. All the same, you will not have funding, and without it, candy does not happen. Although such an experience is also an experience.
"I want your advice and support." You are at the wrong address; they do not provide support here, but answer specific questions.
"What equipment (models) should be installed at the level of access, distribution?" Depends on budget and goals. Generally unknown.
"How to cut vlan?" And what do you need VLANs for??? Answer this question and it will immediately become clear how to cut!
"but I know that there should not be any switches in the rooms where people sit, of course." Who told you such nonsense?
"So I don’t know whether to make Internet sockets or not)" It's purely a matter of convenience and aesthetics.
"I'm thinking of building a network from scratch, laying new lines." Before building something, it would be nice to have a plan: a detailed technical assignment for building a network.
Good afternoon!
You started a little wrong - describe the company, describe the tasks you are facing (agreed with the management, not your fantasies).
Next, answer yourself the question "why do I see what I see"? No, not in the sense that photons excite cones and rods on the retina, but why does the infrastructure have such a configuration? If you think "well, it's just that the last admin was a fool, but I'm smart, I'll do it right", then this should be at least the 5th answer. Look for 4 more.
What will happen next? Most likely, you have an enterprise or a relatively simple company: sales (specialists), accountants and management. And everything works because it is convenient for them. The IT infrastructure does not have to exceed the tasks, there is no overvalued information circulating on the network, and all the patterns boil down to "throw the file onto the server share", "get into 1C" and "print the file". And this is the structure you are going to load AD onto. For example, who needs this? Users or you? And what do users get from this? Roll-on security policies? "Desktop from anywhere"? And they move from you? Do you need to "choke" users? the book says "? The result is simple: a lot of money "in milk" with no visible improvements. You will be the weakest link. It is clear why you have a Windows server: 1C is not deployed on Linux. It is often like that, and this does not mean that it needs to be loaded with Hyper-V, a domain controller, etc. Again, this is the legacy of 1C, it is there for it. And in the end, it turns out that all the team needs is Samba, Linux with iptables raised and 2 printers on the network. Remember one truth: if you sink money into doing something there, and as a result users only experience discomfort, and you say to the boss that "well, now everything is as it should be", you will be asked "as it should be for whom?" yourself as a janitor who decides fate - unfortunately, the administrator is a servant (if you don’t like this prospect, change your profession), and the tail doesn’t steer the head. Again, you are the weakest link, you will get bewilderment in response. The exceptions are companies where ITIL is deployed, where the IT department knows how to "earn" or is generally an earning department, for example, IT consulting. Well, i.e. the benefits from the implementation of solutions should be clear to management, and even better, expressed in money.
Everything else is an attempt by youngsters to learn fashion tricks at the expense of the company - this is exactly what most leaders think - so when planning, be prepared to say to management, in your defense, a little more than: "well, this type of cool, this type of reserve, so over the default make". Security, by the way, is built on threat analytics - identify them, define protection tools and a budget, otherwise it will turn out that you are spending money on something that will never happen - again, because it is "necessary". In other words, you should always have something to show in defense of this or that decision, something that explains the benefit to the company (not your convenience). Without this - no matter what kind of hardware / software / ideas you have, everything will come to the fact that "everything worked well - the fool came - everything became bad."
Wow, how many tasks)) Will there be loot or "there is no money, are you there for a thread like a thread"? If the second option, then nothing good. Let's start with software licensing - is it purchased or from torrents? If the second option, is the office ready to spend money on legalization and purchase of everything necessary? This is in the interests of the admin, first of all. In general, many organizations are satisfied that everything works anyhow, and it is not supposed to spend money on IT below the very minimum, in such offices you definitely can’t pump skills, instead just plug holes.
I got the impression that everyone in charge drowns for those technologies in which he fumbles best.
If you are a new person in the office, then start by asking why it happened the way it did.
As a rule, there are few outright fools in IT. Surely the previous admin also wanted to build an ideal world, but something went wrong. Maybe there is no money, maybe he is mired in enikeyism, maybe he was offended by money.
1. Learn how it works now and why. You can always break everything.
2. Find out the needs of the company.
3. Find out how many resources the company is ready to allocate (money, downtime, risks).
4. Leave the 1C server alone, it already has enough work. In addition, apparently, accounting is the only important service for the company. Ideal: one task, one server.
5. Don't break everything at once. Start with the most profitable (for the user) and the cheapest (for you) tasks. If the director is grateful to you for the fact that you installed Wi-Fi for 1.5 rubles in his office and now he comfortably watches videos on his tablet, then blunders will be forgiven more often and budgets will be allocated more readily.
Good luck!
I went to look at the answer “hire an admin”, I didn’t see it, so I’m writing it myself :)
Enikey fantasies, however, to the wrong address - the likelihood that you will do it right the first time, having read local advice, tends to zero.
There is nothing more helpless, irresponsible and corrupt than networks built on Mikrotik.
Then in neighboring topics you will ask: "Why doesn't Mikrotik work."
Take D-Links, one per floor (this is done so as not to drag all the cables into one narrow hole, then try to add a subscriber from the third to the first floor in the server room), VLANs: one VLAN per service, management in its own VLAN, each department in its own. Instead of MikroTiks, a used Cisco is better.
Leonid
There is nothing more helpless, irresponsible and corrupt than networks built on Mikrotik.
Then in neighboring topics you will ask: "Why doesn't Mikrotik work."
put dlink and the second level, put a cross, start all ports in a cross, from there to dlink, gigabit lengths and to the server, and up to 100k computers is enough, if the server allows for hardware, put esxi, raise the AD, DNS, DHCP, FS, 1C servers etc. raise wtware (as the budget allows) get everyone on the network and forget about slow computers. at least the stumps will be single-core.
the only bummer they will be without YouTube ... they will have to work. i did that. through esxi it is possible to raise both pfsense and routing is normal. if the network card is enough
if you think that the users are very smart, then push the IP cameras into a separate vlan.
then you connect everything to ups and autoshutdown and enjoy life.
and if you want it really well, then you ask to buy another 20TB computer (or more) and merge virtual machines there for backups every day. and that's it. problems are minimized and that's it. you become an incoming admin, you come only for a RFP
There was such an experience and everyone kept saying that it was necessary to bring down, nothing good would happen.
Knocked out the budget, bought L2 switches SNR and Juniper, L3 Mikrotik 36 cores + Cisco ASA by inheritance, also bought a Depo server, to which they planned to transfer 1C.
In total, for each floor there is a cabinet and switches with and without PoE, on the server there are 6 virtual machines with ESXi, AD, DNS, Nextcloud, 1C, Exchange and all sorts of AIS.
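Several answers above suggest putting the IP cameras in their own subnet and VLAN, keeping management in its own VLAN, giving each department its own, and leaving 20-80 percent spare capacity. The sketch below is an added example, not code from any of the posters, that turns those suggestions into a non-overlapping address plan; the VLAN IDs, the department split and the 10.20.0.0/16 range are assumptions.

```python
import ipaddress

# Constructed input: host counts follow the question title (160+ PCs, 20+ cameras);
# the department split, VLAN IDs and the 10.20.0.0/16 range are assumptions.
SEGMENTS = [  # (vlan_id, name, hosts_today)
    (10, "mgmt", 12),
    (20, "servers", 8),
    (30, "cameras", 20),
    (40, "printers", 10),
    (110, "dept-accounting", 60),
    (120, "dept-sales", 70),
    (130, "dept-office", 30),
]
HEADROOM = 0.5  # spare capacity, inside the 20-80 percent range from the thread


def prefix_for(hosts, headroom=HEADROOM):
    """Longest prefix that fits hosts plus headroom, gateway, network, broadcast."""
    # Integer ceiling of hosts * (1 + headroom), avoiding float rounding.
    needed = -(-hosts * (100 + round(headroom * 100)) // 100) + 3
    return 32 - (needed - 1).bit_length()  # bit_length gives ceil(log2(needed))


def build_plan(supernet, segments):
    """Allocate aligned, non-overlapping subnets, largest segment first."""
    pool = ipaddress.ip_network(supernet)
    cursor = int(pool.network_address)
    plan = {}
    for vlan, name, hosts in sorted(segments, key=lambda s: -s[2]):
        plen = prefix_for(hosts)
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        if cursor + size - 1 > int(pool.broadcast_address):
            raise ValueError(f"{supernet} is too small for {name}")
        net = ipaddress.IPv4Network((cursor, plen))
        plan[name] = {"vlan": vlan, "subnet": net, "gateway": net[1],
                      "usable": net.num_addresses - 3}
        cursor += size
    return plan


def segment_of(ip, plan):
    """Name of the segment an address belongs to, or None if it is unplanned."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, s in plan.items() if addr in s["subnet"]), None)


if __name__ == "__main__":
    for name, seg in build_plan("10.20.0.0/16", SEGMENTS).items():
        print(f"vlan {seg['vlan']:>3}  {name:<16} {seg['subnet']!s:<16} gw {seg['gateway']}")
```

Whatever device does the inter-VLAN routing can then filter on whole subnets, for example restricting which segments may reach the camera range.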