Difference between revisions of "Active Directory/Naming Standards"

From WolfTech
Jump to navigation Jump to search
Line 85: Line 85:
 
<table align="center" cellpadding="5" cellspacing="0">
 
<table align="center" cellpadding="5" cellspacing="0">
 
   <tr>
 
   <tr>
     <td width="200px" valign="top">Departmental Students </td>
+
     <td width="200px" valign="top">'''Departmental Students''' </td>
 
     <td>
 
     <td>
 
*<b>Format</b>
 
*<b>Format</b>
Line 108: Line 108:
 
   </tr>
 
   </tr>
 
   <tr>
 
   <tr>
     <td valign="top">Course Semester</td>
+
     <td valign="top">'''Course Semester'''</td>
 
     <td>
 
     <td>
 
*<b>Format:</b>
 
*<b>Format:</b>
Line 119: Line 119:
 
   </tr>
 
   </tr>
 
   <tr>
 
   <tr>
     <td valign="top">Course Section Semester </td>
+
     <td valign="top">'''Course Section Semester''' </td>
 
     <td>
 
     <td>
<b>Format:</b> CRS-&lt;PRE&gt;-&lt;NUM&gt;&lt;S&gt;-&lt;SEC&gt;-&lt;SEMM&gt;&lt;YY&gt;
+
*<b>Format:</b>
<br><b>Example:</b> CRS-ECE-200L-001-FALL05
+
**CRS-&lt;PRE&gt;-&lt;NUM&gt;&lt;S&gt;-&lt;SEC&gt;-&lt;SEMM&gt;&lt;YY&gt;
<br><b>Notes:</b> This group contains all students enrolled in the specified section of the specified class in the specified semester.
+
*<b>Example:</b>
 +
**CRS-ECE-200L-001-FALL05
 +
*<b>Notes:</b>
 +
**This group contains all students enrolled in the specified section of the specified class in the specified semester.
 
     </td>
 
     </td>
 
   </tr>
 
   </tr>
 
</table>
 
</table>

Revision as of 16:35, 27 February 2006

The WOLFTECH domain is designed to be usable by any organization within NC State University. Consequently, special naming considerations are necessary to promote organization, prevent conflicts, and ease delegation.

Most objects within Active Directory are required to have unique names. In addition, it is important that an objects name indicate its purpose, as well as the organization it belongs to. The following naming standards were developed to help achieve these goals. Please be sure to follow these standards, as any unidentifiable or conflicting objects may be removed.

Groups

Active Directory requires that all groups have unique names. This is achieved by including the acronym of the department, college, or university that the group belongs to. The table below outlines the naming conventions that should be used for different types of groups on the WOLFTECH domain. Software Groups Format: SW-<DEPT>-<COMPANY>-<PRODUCT>-<VERSION>-<PACKAGEDATE> Example: SW-ECE-Microsoft-Office-2003-20041104 Notes: For more information about software distribution, see the Software Distribution page. Freeware Groups Format: FW-<DEPT>-<COMPANY>-<PRODUCT>-<VERSION>-<PACKAGEDATE> Example: FW-ECE-Mozilla-Firefox-1.0.2-20050325 Notes: For more information about software distribution, see the Software Distribution page. User/Computer Groups Format: <DEPT>-<NAME> or <DEPT>-<SUBOU>.<TYPE> Example: ECE-ACS Users or ECE-Teaching Labs.Desktops Notes: For more information about software distribution, see the Software Distribution page.

Group Policies

Active Directory requires that all group policies have unique names. This is achieved by including the acronym of the department, college, or university that the group policy belongs to. The table below outlines the naming conventions that should be used for different types of group policies on the WOLFTECH domain. Software Group Policy Format: SW-<DEPT>-<COMPANY>-<PRODUCT>-<VERSION>-<PACKAGEDATE> Example: SW-ECE-Microsoft-Office-2003-20041104 Notes: For more information about software distribution, see the Software Distribution page. Freeware Group Policy Format: FW-<DEPT>-<COMPANY>-<PRODUCT>-<VERSION>-<PACKAGEDATE> Example: FW-ECE-Mozilla-Firefox-1.0.2-20050325 Notes: For more information about software distribution, see the Software Distribution page. Departmental Security Policy Format: <DEPT>-<NAME> Example: ECE-Staff Policy Notes: These policies are used with one departmental OU. Multi-Departmental Security Policy Format: Managed-<NAME> Example: Managed-Member Server Policy Notes: These policies are common baseline security policies based on Microsoft's security guides. These policies are managed by the WolfTech Systems staff and are updated periodically to improve security. Domain-wide Security Policy Format: Domain-<NAME> Example: Domain-Local Accounts Policy Notes: These policies apply to the entire domain.

Machines

Active Directory requires that all machines have unique names. In addition, it is good network etiquette to not duplicate any other machine's name on the NCSU network. Please check QIP to ensure that the name you wish to use is not already in use on the NCSU network.

Rather than choosing a formula for naming machines, we've chosen thematic machine names that evoke personality, such as star constellations, athletic teams, and 15th century romantic poets. This helps administrators remember where the machine is, who uses it, and any past history. We've found that having this knowledge is indispensable and it would not be possible with formulaic names like ECE-PC-342-DANIELS-001.

Organizational Units

Active Directory does *NOT* require organizational units to have unique names. The only naming requirement for OUs is that they clearly indicate their purpose. There is, however, a default OU organization structure that is created for each new departmental OU. OU Admins are free to change, or even scrap, the default setup within their departmental OU if it does not meet their needs.

Above the departmental OUs, the WOLFTECH domain has a rigid OU architecture. To learn more, see OU Architecture Overview and Detailed Architecture.

Users

Active Directory requires that all users have unique names. This is achieved by using users UnityID (guaranteed to be unique), and in some cases, special suffixes. The table below outlines the naming conventions that should be used for different types of users on the WOLFTECH domain. Normal Users (w/ UnityID) Format: <UNITYID> Example: jqpublic Notes: The username and display name should be the user's UnityID. These accounts should only exist in the People OU. Normal Users (w/o UnityID) Format: <DEPT>.<FIRSTNAME>.<LASTNAME> Example: ECE.John.Public Notes: The username and display name should be <DEPT>.<FIRSTNAME>.<LASTNAME> to prevent confusion or conflicts with UnityIDs. These accounts should only exist in the departmental OU's Departmental Users OU. Domain Admin Format: <UNITYID>.domadmin Example: jqpublic.domadmin Notes: Domain Admins have administrative privileges on the entire domain and have local administrator on all domain machines (except those that manually remove Domain Administrator from the local Administrators group). The membership of the Domain Admins group is tightly screened by the WolfTech Director. OU Admin Format: <UNITYID>.ouadmin Example: jqpublic.ouadmin Notes: OU Admins have administrative privileges over their departmental OU. Departmental Computer Admin Format: <UNITYID>.admin Example: jqpublic.admin Notes: Departmental Computer Admins have local Administrator privileges on all computers in their departmental OU. This requires that <DEPT>-OU Policy be defined correctly to add <DEPT>-Computer Admins to the local Administrators group of the machines in the OU. These accounts are used by departmental, and if desired, college IT help desk staff to provide computer support.

Courses

To facilitate using Active Directory in lab environments, the WOLFTECH domain is automatically populated with course groups for courses in supported colleges. The groups can be used to give the appropriate students access in computer labs. The following naming standards are used:

Departmental Students
  • Format
    • <DEPT>-Students
  • Examples
    • NCSU-Students
  • Notes
    • This group contains all students enrolled in a class under it's hierarchy.
    • This includes NCSU, colleges, and departments.
Departmental Semester Students
  • Format:
    • CRS-<DEPT>-<SEMM><YY>
  • Examples:
    • ECE-Students-FALL05
  • Notes:
    • This group contains all students enrolled in a class under it's hierarchy for the specified semester.
    • This includes NCSU, colleges, and departments.
Course Semester
  • Format:
    • CRS-<PRE>-<NUM><S>-<SEMM><YY>
  • Examples:
    • CRS-ECE-200L-FALL05
  • Notes:
    • This group contains all students enrolled in all sections of the specified class in the specified semester.
Course Section Semester
  • Format:
    • CRS-<PRE>-<NUM><S>-<SEC>-<SEMM><YY>
  • Example:
    • CRS-ECE-200L-001-FALL05
  • Notes:
    • This group contains all students enrolled in the specified section of the specified class in the specified semester.