Active Directory/Naming Standards

From WolfTech
Revision as of 18:20, 6 April 2010 by Wrbeaudo (talk | contribs)

The WOLFTECH domain is designed to be usable by any organization within NC State University. Consequently, special naming considerations are necessary to promote organization, prevent conflicts, and ease delegation.

Most objects within Active Directory are required to have unique names. In addition, it is important that an object's name indicate its purpose, as well as the organization it belongs to. The following naming standards were developed to help achieve these goals. Please be sure to follow these standards, as any unidentifiable or conflicting objects may be removed.

Groups

Active Directory requires that all groups have unique names. This is achieved by including the acronym of the department, college, or university that the group belongs to. The table below outlines the naming conventions that should be used for different types of groups on the WOLFTECH domain.

Software Groups
  • Format
    • <DEPT>-SW-<COMPANY>-<PRODUCT>-<VERSION>-<PACKAGEDATE>
  • Examples
    • ECE-SW-Microsoft-Office-2003-20041104
  • Notes
    • For more information about software distribution, see Software Distribution.
Freeware Groups
  • Format
    • <DEPT>-FW-<COMPANY>-<PRODUCT>-<VERSION>-<PACKAGEDATE>
  • Examples
    • ECE-FW-Mozilla-Firefox-1.0.2-20050325
  • Notes
    • For more information about software distribution, see Software Distribution.
User/Computer Groups
  • Format
    • <DEPT>-<NAME> or <DEPT>-<SUBOU>.<TYPE>
  • Examples
    • ECE-ACS Users
    • ECE-Teaching Labs.Desktops
  • Notes
    • For more information about software distribution, see Software Distribution.

Group Policies

Active Directory requires that all group policies have unique names. This is achieved by including the acronym of the department, college, or university that the group policy belongs to. The table below outlines the naming conventions that should be used for different types of group policies on the WOLFTECH domain.

Software Group Policy
  • Format
    • <DEPT>-SW-<COMPANY>-<PRODUCT>-<VERSION>-<PACKAGEDATE>
  • Examples
    • ECE-SW-Microsoft-Office-2003-20041104
  • Notes
    • For more information about software distribution, see Software Distribution.
Freeware Group Policy
  • Format
    • <DEPT>-FW-<COMPANY>-<PRODUCT>-<VERSION>-<PACKAGEDATE>
  • Examples
    • ECE-FW-Mozilla-Firefox-1.0.2-20050325
  • Notes
    • For more information about software distribution, see Software Distribution.
Departmental Security Policy
  • Format
    • <DEPT>-<NAME>
  • Examples
    • ECE-Staff Policy
  • Notes
    • These policies are used with one departmental OU.
Multi-Departmental Security Policy
  • Format
    • Managed-<NAME>
  • Examples
    • Managed-Member Server Policy
  • Notes
    • These policies are common baseline security policies based on Microsoft's security guides.
    • These policies are managed by the WolfTech Systems staff and are updated periodically to improve security.
Domain-wide Security Policy
  • Format
    • Domain-<NAME>
  • Examples
    • Domain-Local Accounts Policy
  • Notes
    • These policies apply to the entire domain.
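
The group and group policy formats above can be checked mechanically before an object is created. The following is an added example, not WolfTech tooling: `parse_name` is a hypothetical helper, and it assumes a 2-8 letter uppercase `<DEPT>` acronym and a `<COMPANY>` without hyphens, neither of which the page defines.

```python
import re
from datetime import datetime

# Assumption: DEPT is a 2-8 letter uppercase acronym (as in ECE, CNR) and
# COMPANY contains no hyphen; the page does not define either.
SW_FW = re.compile(r"(?P<dept>[A-Z]{2,8})-(?P<kind>SW|FW)-(?P<rest>.+)")
PREFIXES = {"Managed-": "multi-departmental", "Domain-": "domain-wide"}

def parse_name(name):
    """Classify a group or GPO name; raise ValueError if it breaks the standard."""
    m = SW_FW.fullmatch(name)
    if m:
        # COMPANY comes off the left, VERSION and PACKAGEDATE off the right,
        # so a hyphenated PRODUCT survives intact.
        parts = m["rest"].split("-")
        if len(parts) < 4 or not all(parts):
            raise ValueError(f"{name!r}: need COMPANY-PRODUCT-VERSION-PACKAGEDATE")
        date = parts[-1]
        try:
            if not re.fullmatch(r"\d{8}", date):
                raise ValueError
            datetime.strptime(date, "%Y%m%d")  # rejects e.g. month 13
        except ValueError:
            raise ValueError(f"{name!r}: PACKAGEDATE must be a real YYYYMMDD date") from None
        return {"kind": m["kind"], "dept": m["dept"], "company": parts[0],
                "product": "-".join(parts[1:-2]), "version": parts[-2],
                "packagedate": date}
    for prefix, kind in PREFIXES.items():
        if name.startswith(prefix) and len(name) > len(prefix):
            return {"kind": kind, "name": name[len(prefix):]}
    m = re.fullmatch(r"([A-Z]{2,8})-(.+)", name)
    if m:
        return {"kind": "departmental", "dept": m[1], "name": m[2]}
    raise ValueError(f"{name!r}: no owner prefix (<DEPT>-, Managed- or Domain-)")

if __name__ == "__main__":
    # First three names are the page's examples; the last two are constructed.
    for n in ["ECE-SW-Microsoft-Office-2003-20041104", "Managed-Member Server Policy",
              "ECE-Staff Policy", "ECE-SW-Microsoft-Office-2003-20041340", "Staff Policy"]:
        try:
            print(n, "->", parse_name(n))
        except ValueError as err:
            print("REJECT", err)
```

A name that starts with `<DEPT>-SW-` or `<DEPT>-FW-` but is malformed is rejected rather than falling through to the looser `<DEPT>-<NAME>` rule, so a mistyped package date does not pass as a departmental object.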

Machines

Active Directory requires that all machines have unique names. In addition, it is good network etiquette to not duplicate any other machine's name on the NCSU network. Please check QIP to ensure that the name you wish to use is not already in use on the NCSU network.

Rather than choosing a formula for naming machines, we've chosen thematic machine names that evoke personality, such as star constellations, athletic teams, and 15th-century romantic poets. This helps administrators remember where the machine is, who uses it, and any past history. We've found that having this knowledge is indispensable and it would not be possible with formulaic names like ECE-PC-342-DANIELS-001.

Organizational Units

Active Directory does NOT require organizational units to have unique names. The only naming requirement for OUs is that they clearly indicate their purpose. There is, however, a default OU organization structure that is created for each new departmental OU. OU Admins are free to change, or even scrap, the default setup within their departmental OU if it does not meet their needs.

Above the departmental OUs, the WOLFTECH domain has a rigid OU architecture. To learn more, see OU Architecture Overview and Detailed Architecture.

Users

Active Directory requires that all users have unique names. This is achieved by using the user's UnityID (guaranteed to be unique), and in some cases, special suffixes. The table below outlines the naming conventions that should be used for different types of users on the WOLFTECH domain.

Normal Users (w/ UnityID)
  • Format
    • <UNITYID>
  • Examples
    • jqpublic
  • Notes
    • The username and display name should be the user's UnityID.
    • These accounts should only exist in the People OU.
Normal Users (w/o UnityID)
  • Format
    • <DEPT>.<FIRSTNAME>.<LASTNAME>
  • Examples
    • ECE.John.Public
  • Notes
    • The username and display name should be <DEPT>.<FIRSTNAME>.<LASTNAME> to prevent confusion or conflicts with UnityIDs.
    • These accounts should only exist in the departmental OU's Departmental Users OU.
Domain Admin
  • Format
    • <UNITYID>.domadmin
  • Examples
    • jqpublic.domadmin
  • Notes
    • Domain Admins have administrative privileges on the entire domain and have local administrator rights on all domain machines (except those that manually remove Domain Administrator from the local Administrators group).
    • The membership of the Domain Admins group is tightly screened by the WolfTech Director.
OU Admin
  • Format
    • <UNITYID>.admin
  • Examples
    • jqpublic.admin
  • Notes
    • OU Admins have administrative privileges over their departmental OU.
Departmental Computer Admin
  • Format
    • <UNITYID>.admin
  • Examples
    • jqpublic.admin
  • Notes
    • Departmental Computer Admins have local Administrator privileges on all computers in their departmental OU.
    • This requires that <DEPT>-OU Policy be defined correctly to add <DEPT>-Computer Admins to the local Administrators group of the machines in the OU.
    • These accounts are used by departmental and, if desired, college IT help desk staff to provide computer support.
Service Accounts
  • Format
    • <DEPT>.<SERVICENAME>.service
  • Examples
    • CNR.wds.service
    • ECE.iis.service
  • Notes
    • Service accounts are used for programs and services that need a special user container to access domain resources. They should only be used when the provided service requires separation from a valid normal or admin user account.
    • These accounts should only exist in the Departmental Users/Service Accounts subOU in a departmental or college-level OU.
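
Because the suffix encodes the privilege level, an exported account list can be audited against the user formats and OU placements above. The following is an added example, not WolfTech tooling: the UnityID and `<DEPT>` patterns, the rendering of the OUs as distinguished-name fragments, and all sample accounts are assumptions constructed for illustration.

```python
import re

UNITYID = r"[a-z][a-z0-9]{1,7}"  # assumption: UnityID shape is not defined on the page
DEPT = r"[A-Z]{2,8}"             # assumption: short uppercase acronym, as in ECE / CNR

# (class, pattern, OU the page says the account must live in; None if unspecified)
RULES = [
    ("domain-admin", rf"{UNITYID}\.domadmin", None),
    ("admin", rf"{UNITYID}\.admin", None),
    ("service", rf"{DEPT}\.[A-Za-z0-9]+\.service", "OU=Service Accounts,OU=Departmental Users,"),
    ("dept-user", rf"{DEPT}\.[A-Z][A-Za-z'-]*\.[A-Z][A-Za-z'-]*", "OU=Departmental Users,"),
    ("unity-user", UNITYID, "OU=People,"),
]

def classify(name):
    """Return (class, required_ou) for the first matching rule, else (None, None)."""
    for kind, pattern, ou in RULES:
        if re.fullmatch(pattern, name):
            return kind, ou
    return None, None

def audit(accounts, domain_admins):
    """accounts: {sAMAccountName: distinguishedName}; domain_admins: member names."""
    findings = []
    for name, dn in sorted(accounts.items()):
        kind, ou = classify(name)
        if kind is None:
            findings.append((name, "name matches no standard format"))
        elif ou and ou.lower() not in dn.lower():
            findings.append((name, f"{kind} account outside {ou.rstrip(',')}"))
        if name in domain_admins and kind != "domain-admin":
            findings.append((name, "Domain Admins member without .domadmin name"))
    return findings

# Constructed sample export; DC=example,DC=test is a placeholder domain.
SAMPLE = {
    "jqpublic": "CN=jqpublic,OU=People,DC=example,DC=test",
    "jqpublic.domadmin": "CN=jqpublic.domadmin,OU=Admins,DC=example,DC=test",
    "ECE.John.Public": "CN=ECE.John.Public,OU=Departmental Users,OU=ECE,DC=example,DC=test",
    "ECE.iis.service": "CN=ECE.iis.service,OU=Departmental Users,OU=ECE,DC=example,DC=test",
    "backup_svc": "CN=backup_svc,OU=ECE,DC=example,DC=test",
    "labadmin": "CN=labadmin,OU=People,DC=example,DC=test",
}
SAMPLE_DOMAIN_ADMINS = {"jqpublic.domadmin", "labadmin"}
```

On the sample data, `audit(SAMPLE, SAMPLE_DOMAIN_ADMINS)` flags the misplaced service account, the nonconforming `backup_svc`, and `labadmin`, which sits in Domain Admins under a name that looks like an ordinary UnityID.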