UMD Naming Convention for Active Directory We anticipate that many departments and units, large and small, will elect to join the UMD forest. Most of the administrative responsibilities in the forest will be delegated to system administrators in these departments and units who will be creating Active Directory resources with their associated names. These naming standards are required to maintain an orderly forest, for easy recognition of forest resources, and to avoid naming collisions. There are set limits on how many and what type of characters you can use when naming items in Active Directory (http://support.microsoft.com/kb/909264/en-us). In addition, when creating an object, it is required that you fill in the description tab of the object detailing the purpose. The following naming standards will apply: Organizational Units (OU) and Sub Containers In the UMD forest, organizational units (ou s) will be created for all Colleges, Departments, and Units based on the organizational name that is listed in PHR. Local system administrators will be able to create sub containers within these OU s. When creating additional OU within you departmental OU structure, please use the name that is listed in PHR. To find if the naming exist, please contact the server group at server-group@umd.edu. If one does not exist, use your departmental/unit abbreviation as a prefix name follow by a dash - then the name of the sub OU. Servers, Laptops, Workstations and other peripherals: When naming laptops, workstations, and servers please follow the instructions below to avoid collisions. For Servers: xxxx xx xxx x x 1 2 3 4 5 1. College/Departmental/Unit Abbreviation: 3-4 characters. 2. Function: 2 characters 3. Sequence Number 3 digit 4. Role 1 character. This is only used if the server is not a production server 5. Virtual Classification: This is only used is the server is a virtual machine Example 1: OITAP001: Production application server Example 2: OITDB001d: Development database server Example 3: OITWS001v: Virtual production Web server Example 4: OITFS001tv: Virtual test file server Table for Function: Acronym Acronym Domain DC Application AP Controller Server Database Server DB Print Server PS Exchange Server MX Web Server WS File Server FS Open OD Directory Cluster Server CS Voice System VS
Table for Roles: If the server is used for production then no Acronym will apply Acronym Acronym Development D Quality Q Assurance Testing T Table for Virtual Classification Acronym Virtual V Virtual Cluster Instance (ex. MS SQL)* Acronym VI Networked Copiers, Laptops, Printers, Scanners, and Workstations: xxxx xx xxxxxxxxx 1 2 3 1. College/Departmental/Unit Abbreviation: 3-4 characters. 2. Function: 2 characters. 3. Predefined: Colleges\Departments\Units will define what the last identification string will be in the name before they join Active Directory. Once selected, this naming convention must be followed. Example (workstation) : OITWK001 Example (Laptop) : OITLT001 Example (Lab machine) : OITLW001 Node Based : Acronym Acronym LT Laptop PT Printer LW Lab Workstations WK Workstations MD Mobile Device NC Networked Copier SN Scanner Security & Groups: An Active Directory group may be one of six types. Two broad categories, "security" and "distribution", define the general type of the group. Each of these two types are further defined as either "domain local", "global", or "universal". For Security and Groups: xxxx xxx xx 1 2 3
1. College/Departmental/Unit Abbreviation: 3-4 characters. 2. Group name 3. Group Role/Function: 2 characters. Example: OITSMGMT-GS Group Roles/Function: Acronym Acronym LS Domain Local GS Global Security Security US Universal Security LD Domain Local GD Global UD Universal Because Active Directory groups are replicated across the network, they must be populated in ways that minimize network replication. Try to use global and domain local groups where possible. If you have a need to create a universal group, do not populate the universal group with individual users. Instead, use the names of other groups to build the universal group membership. Note: All group types in AD are displayed with the same group icon, which can be visually confusing. The Active Directory Users and Computers console does shows the group type field, however testing has shown that after making changes to an individual group, the user interface no longer displays the group type field description. This can cause confusion and lead to errors, which is why we include the group type as part of the group naming scheme. Using this scheme will help prevent Administrators from choosing the wrong group when they are managing groups within groups, in their own domain and across other domains. Group Policies The naming convention for Group Policies is to use your departmental abbreviation as a prefix for all Group Policy names. For example, "OIT Staff Policy". This will reduce the chances that similarly named Group Policies will be confused with one-another
By my signature, I acknowledge that I have reviewed, understand, and will follow the Naming Convention Policy for Active Directory (http://www.xxx.umd.edu/naming_convention). Signature (Departmental OU Administrator) Date Printed Name Signature (Department/Unit Head) Date Printed Name
In this section, please record your departmental naming convention. If you are delegated OU administrator rights to more than one OU, please record this information in the format listed below. The Naming Convention for my department(s)/unit(s) will be: College/Departmental/Unit Abbreviation: 3-4 characters Function: 2 characters (Defined by Function Charts Above) Predefined: Colleges\Departments\Units will define what the last identification string will be in the name before they join Active Directory. Once selected, this naming convention must be followed.