Firewall

Dechen Dorji
Level 1
An organization has two server computers and several desktop computers, a few printers (IP address: ) and routers (IP address: ). All of them are connected via an internal network, and the network is connected to the Internet via the border router of the organization. From the outside of the organization, on the Internet, only these two server computers are visible. One of them is the email server (IP address: ), and the other one is the web server (IP address: ). In other words, only these two server computers accept requesting incoming network traffic. All desktop computers (IP address: ) are allowed to access the Internet, without any restriction. Therefore, they accept responding incoming network traffic, but cannot accept any requesting incoming network traffic.

• Please design the network and draw the network diagram. You have the freedom to assume the internal network structure. In the diagram, in addition to the two servers, you should also include a few desktop computers and a printer. Please explain the rationale on why you put a computer or a printer in its designated location, one example for each location. A subnet (or a segment) is regarded as the same location. (Hint: a firewall or a few firewalls, depending on your design, are needed to regulate the network traffic.)
• Please write down the firewall rules to fulfill the access requirement of the organization. Please write down the firewall rules for regulating the network traffic of your IT infrastructure.
 
 

14 Replies

Dechen Dorji
Level 1

Need Help 

Dechen, what you are asking is a mini project work that would require a lot of time to get it done :). Usually we segregate the segments of the desktops from the servers. You mentioned two of the servers would need access from the public internet, so those ones should be placed into a DMZ segment where you will then configure the firewall with the right NAT rules and security policies to allow the inbound traffic. The printers can be located in the same subnet as the desktops, however, some customers might prefer having the printers placed into their own segment (VLAN).

Thank you for the valid information. I will try it that way.

You're welcome.

Dechen Dorji
Level 1

[Attached image: topolgy.PNG]

This is the network topology I have designed. I hope it is as per the requirements. Please help me get it done. Thank you.

Looks very good. The only thing I would do differently would be to place the DHCP/DNS/AD server in a separate VLAN, and then I would turn off any routing on the core switch to allow the firewall to be the routing engine so it can enforce the security policies. For example, if you separate the AD server into a separate VLAN and you leave routing enabled on the core switch, then any traffic from the workstation VLAN can hit the AD server, unless you apply access lists on the core switch SVIs, which is neither really practical nor recommended. However, when you turn off routing on the core switch, any traffic between the workstation and the AD server VLANs will flow through the firewall, where you have all the security policies applied. In that case you can be very specific about which traffic you want to allow in each direction. For example, the workstation VLAN will be allowed DNS, SMB, DHCP, FTP, SCCM, etc., and if needed you can define what traffic should be allowed from the AD server towards the workstation VLAN. When routing is moved to the firewall instead of the core switch, the workstation endpoints and the AD server will use the firewall interfaces as their default gateway, the same as the servers in the DMZ segment. Also, as a best practice I would remove any SVI on the core switch, with the exception of the SVI that will be used for management, unless you use the dedicated management port on the core switch.

Dechen Dorji
Level 1

Thank you for your prompt response. Really appreciated. So what I understood from the above is that, if I separate the AD/DHCP/DNS server from the existing topology, then I have to create one more VLAN on the firewall for that server, right? So that means in total I will have 4 VLANs on the firewall, and it will act as the gateway for all the networks (VLANs).

Further, I would love to see more comments and advice, or a more reliable topology, to strengthen my network.

Thank You.

You are welcome. Yes that's right, you would have four interfaces/segments on the firewall, one for each VLAN. Please keep in mind that on the firewall you don't necessarily have to have any VLAN reference for those segments on the firewall interfaces. For example, for the DMZ and internet interfaces you just create two normal interfaces and you assign the IP to each related segment. For the inside and the servers (AD/DNS/DHCP), you can create two sub-interfaces with the VLAN IDs, or you can create two separate interfaces one for each segment. However, that depends on how you want to connect the firewall internal segments to the switch. If you want to use a single trunk link then you have to have the VLAN ID reference on the firewall, but if you want to connect each of the firewall interfaces to a separate port, which is not common for the internal segments, then you don't have to worry about the VLAN ID reference.
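As an added example (not configuration from the thread), here is what the "single trunk link with VLAN ID references" option described above looks like on an ASA with routed ports and on the switch it connects to. The VLAN IDs (3 and 4) and the interface addresses are taken from the configuration posted later in the thread; the physical interface numbers, the `servers` interface name and its security level are assumptions.

```cisco
! Added example, not from the thread. ASA side: one physical link to the
! core switch carries VLANs 3 and 4 as 802.1Q sub-interfaces. The physical
! interface itself carries no name or address, only its sub-interfaces do.
interface GigabitEthernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.3
 vlan 3
 nameif servers
 security-level 90
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1.4
 vlan 4
 nameif inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0
!
! The outside and DMZ segments need no VLAN tag on the firewall: each is a
! plain routed interface cabled to its own segment (addresses as posted).
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 202.144.128.209 255.255.255.248
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 70
 ip address 192.168.2.1 255.255.255.0
!
! Core switch side (Catalyst IOS, assumed port number): the uplink is a
! trunk restricted to the two VLANs the firewall routes between. With no
! SVI for VLAN 3 or 4 on the switch, hosts cannot route around the firewall.
interface GigabitEthernet1/0/1
 description Trunk to ASA Gi0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 3,4
```

The check that matters after this change: on the core switch, `show ip interface brief` should list no SVI for VLAN 3 or 4 (only the management SVI, if one is used), and every workstation and the AD/DNS/DHCP server should have the ASA sub-interface address of its own VLAN as default gateway. If the switch still has an SVI in either VLAN with `ip routing` enabled, traffic between the two VLANs can bypass the firewall policy entirely.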

Dechen Dorji
Level 1

Thank you so much. And I would be very grateful if you could kindly help me set up and explain the firewall rules for the above topology. Thank you for your kind help.

You're welcome, Dechen! I think we can take this the same way as the topology: if you can please post a draft of those policies, I'll be happy to give feedback on them.

Dechen Dorji
Level 1

Thank you. Your response is always appreciated. Below are the policies and the configuration I have made. I would further appreciate it if you could help me and amend the necessary policies as per the requirements. You are great, Sir.

[Attached image: updated.PNG]

ASA (Firewall) (outside connected to Ethernet0/0, inside connected to Ethernet0/1 and the DMZ connected to Ethernet0/2):

!
interface Ethernet0/0
description Connected to Outside Segment
switchport access vlan 1
!
interface Ethernet0/1
description Connected to Inside Segment
switchport mode trunk
switchport trunk allowed vlan 3,4
!
interface Ethernet0/2
description Connected to DMZ Segment
switchport access vlan 2
!
interface Vlan1
nameif outside
security-level 0
ip address 202.144.128.209 255.255.255.248
!
interface Vlan2
nameif dmz
security-level 70
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan4
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!

object network inside-subnet
subnet 192.168.0.0 255.255.255.0
object network dmz-subnet
subnet 192.168.2.0 255.255.255.0
object network webserver
host 192.168.2.4
object network webserver-external-ip
host 202.144.128.210
object network emailserver
host 192.168.2.3
object network emailserver-external-ip
host 202.144.128.211
object network dns-server
host 192.168.1.50

!
access-list outside_acl extended permit tcp any object webserver eq 80
access-list outside_acl extended permit (?????)any object emailserver eq (?????)
access-list dmz_acl extended permit udp any object dns-server eq domain
access-list dmz_acl extended deny ip any object inside-subnet
access-list dmz_acl extended permit ip any any
!
object network inside-subnet
nat (inside,outside) dynamic interface
object network dmz-subnet
nat (dmz,outside) dynamic interface
object network webserver
nat (dmz,outside) static webserver-external-ip service tcp www www
object network emailserver
nat (dmz,outside) static emailserver-external-ip service (......)
access-group outside_acl in interface outside
access-group dmz_acl in interface dmz
!
route outside 0.0.0.0 0.0.0.0 202.144.128.214


Looks good, just a couple of things I would say. Given that the AD server is now segregated in its own VLAN3, I would enforce some security policies on the traffic passing from the inside towards that server; otherwise, if everything is allowed, the segregation won't make much sense. If you like this idea, then you should change the VLAN3 interface name to something else, and remove the global command on the ASA that allows inter-interface traffic between VLAN3 and VLAN4, as both have the same security level. The other thing is related to the DMZ segment dynamic NAT rule. You wouldn't need that, as you have two static NAT rules for the two servers you have in the DMZ segment. Although it won't hurt to have that dynamic command applied, I would personally remove it.
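As an added example (not the reply author's configuration and not posted in the thread), here are the three changes suggested above applied to the posted ASA configuration, together with an inside-to-server policy of the kind the earlier reply describes; it also answers the "write down the firewall rules" part of the original question for the internal segments. Assumptions: the "global command" referred to is `same-security-traffic permit inter-interface`; the new interface name `servers` and its security level are chosen here; the service list is a subset of the services named earlier in the thread (DNS, SMB, DHCP) plus the Kerberos and LDAP ports an AD client needs; the DHCP server is assumed to be the same host as the posted `dns-server` object. The inbound rules for the DMZ servers are left exactly as posted.

```cisco
! Added example, not from the thread: the reviewer's suggestions applied to
! the posted configuration. Names marked as assumed are not from the thread.
!
! 1. Give VLAN3 its own interface name and security level so that it is no
!    longer a second "inside" (name and level are assumptions).
interface Vlan3
 nameif servers
 security-level 90
 ip address 192.168.1.1 255.255.255.0
!
! 2. Remove the global command that lets interfaces of equal security level
!    talk freely (assumed to be the command the reply refers to). With
!    distinct names and levels it is not needed anyway.
no same-security-traffic permit inter-interface
!
! 3. Drop the dynamic NAT for the whole DMZ subnet; the two static NAT rules
!    already cover the only hosts in that segment that should be reachable.
object network dmz-subnet
 no nat (dmz,outside) dynamic interface
!
! Inside-to-servers policy: workstations (VLAN4, 192.168.0.0/24) reach the
! AD/DNS/DHCP server only on the services it provides. Everything else
! towards the server VLAN is denied; Internet access stays unrestricted.
object network servers-subnet
 subnet 192.168.1.0 255.255.255.0
object-group service AD-CLIENT-SERVICES
 service-object tcp destination eq domain
 service-object udp destination eq domain
 service-object tcp destination eq 88
 service-object udp destination eq 88
 service-object tcp destination eq ldap
 service-object udp destination eq 389
 service-object tcp destination eq 445
 service-object udp destination eq ntp
access-list inside_acl extended permit object-group AD-CLIENT-SERVICES object inside-subnet object dns-server
access-list inside_acl extended deny ip object inside-subnet object servers-subnet log
access-list inside_acl extended permit ip object inside-subnet any
access-group inside_acl in interface inside
!
! DHCP does not cross a routed boundary by itself: broadcasts from VLAN4 have
! to be relayed to the server in VLAN3 (DHCP server address assumed to be
! the dns-server host from the posted configuration).
dhcprelay server 192.168.1.50 servers
dhcprelay enable inside
```

Two things to verify after applying this. First, `show run same-security-traffic` should return nothing, and `show nameif` should list `inside`, `servers`, `dmz` and `outside` with four distinct names. Second, the `log` keyword on the deny line makes every blocked workstation-to-server attempt visible in the ASA syslog, which is the quickest way to discover a service the AD clients need that the list above does not yet permit (the earlier reply also mentions FTP and SCCM, which would be added to `AD-CLIENT-SERVICES` if those servers live in the same VLAN).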

Thank you so much for your kind information and directives. I really love it. But I would like to request your help with some policies that need to be made. Your help will be highly appreciated. Thank you.

Glad I could help and please feel free to come back with any further questions.