Creating a Centralized AD: Object Naming Standards, Part 1
Before you migrate objects from old domains to new ones, you had to come up with standards for naming Active Directory objects, such as workstations, servers, groups, user accounts, and org. units. When we come to a single domain structure, we need universal naming standards for all sites (branches). The way the objects were named in the old domains did not suit us at all. Moreover, in each domain naming was according to the preferences of local administrators and there was no single principle. Let's start in order:
Workstations:
The names of workstations should not be tied to the position of the employee, much less to his name. Workstations should be tied to their physical location and their affiliation to a particular department, branch, management, call it a logical affiliation.
Let's start with physics bindings. It is possible in various ways to designate the site in the name of the workstation where the computer is located. We chose the coding site by numbers. Further it will be clear why. What it looks like. For example, you have branches in Moscow, St. Petersburg and Rostov. We encode the numbers of the city in which the offices are located.
For example:
Moscow - 100
St. Petersburg - 200
Rostov - 300
Pretty easy to remember. Go ahead, Moscow is big and we have not one office in it, but several. Then we name further:
Moscow, Address 1, code: 101
Moscow, Address 2, code: 102
Moscow, Address 3, code: 103
')
In St. Petersburg, too, a couple of offices:
St. Petersburg, Address 1, Code 201
St. Petersburg, Address 2, code 202
In Rostov, one office, then just leave 300.
We turn to the logical affiliation. For example, consider the situation when we have a headquarters in Moscow (the central office that controls the work of all the other branches). Denote the headquarters as HQ (Headquarters). But also in Moscow there are workstations not related to HQ, but related to "ordinary" offices. Denote such affiliation as MOS (Moscow). The bottom line is that at one address we can have both HQ computers and MOS computers. The same situation can be repeated with servers.
Accordingly, we obtain the following:
Moscow, Address 1, Workstation HQ: HQ101
Moscow, Address 1, MOS: MOS101 Workstation
And also with other branches. The station’s logical affiliation can be to anything (headquarters, headquarters, subsidiaries, etc.). Especially in large companies, different employees are responsible for IT assets in different branches. And also, for example, MOS administrators should not have access to HQ stations. And so on. This separation adds a lot of flexibility.
Further it is necessary to designate that it is a workstation, and not a server or, for example, a printer. So you need to come up with a designation for the workstation. In this case, everything is simple; we denote workstations with two letters WS (WorkStation). Plus, it is necessary to distinguish the stations among themselves, so we introduce through numbering within each site (logical and physical). We assume that on each site no more than 100 computers.
So, the final name of the station:
Moscow, Address 1, Workstation 1, HQ: HQ101WS001
Moscow, Address 1, Workstation 1, MOS: MOS101WS001
Moscow, Address 1, Workstation 2, HQ: HQ101WS002
St. Petersburg, Address 1, Workstation 1, SPB: SPB201WS001
St. Petersburg, Address 2, Workstation 1, SPB: SPB202WS001
St. Petersburg, Address 2, Workstation 2, SPB: SPB202WS002
This principle of naming workstations seems to me quite universal and convenient to use. But it is necessary to add to AD in the comments which user is working for a particular workstation. And do not forget when moving a computer from one site to another rename it.
We will talk about naming of other objects in the second part.
Workstations:
The names of workstations should not be tied to the position of the employee, much less to his name. Workstations should be tied to their physical location and their affiliation to a particular department, branch, management, call it a logical affiliation.
Let's start with physics bindings. It is possible in various ways to designate the site in the name of the workstation where the computer is located. We chose the coding site by numbers. Further it will be clear why. What it looks like. For example, you have branches in Moscow, St. Petersburg and Rostov. We encode the numbers of the city in which the offices are located.
For example:
Moscow - 100
St. Petersburg - 200
Rostov - 300
Pretty easy to remember. Go ahead, Moscow is big and we have not one office in it, but several. Then we name further:
Moscow, Address 1, code: 101
Moscow, Address 2, code: 102
Moscow, Address 3, code: 103
')
In St. Petersburg, too, a couple of offices:
St. Petersburg, Address 1, Code 201
St. Petersburg, Address 2, code 202
In Rostov, one office, then just leave 300.
We turn to the logical affiliation. For example, consider the situation when we have a headquarters in Moscow (the central office that controls the work of all the other branches). Denote the headquarters as HQ (Headquarters). But also in Moscow there are workstations not related to HQ, but related to "ordinary" offices. Denote such affiliation as MOS (Moscow). The bottom line is that at one address we can have both HQ computers and MOS computers. The same situation can be repeated with servers.
Accordingly, we obtain the following:
Moscow, Address 1, Workstation HQ: HQ101
Moscow, Address 1, MOS: MOS101 Workstation
And also with other branches. The station’s logical affiliation can be to anything (headquarters, headquarters, subsidiaries, etc.). Especially in large companies, different employees are responsible for IT assets in different branches. And also, for example, MOS administrators should not have access to HQ stations. And so on. This separation adds a lot of flexibility.
Further it is necessary to designate that it is a workstation, and not a server or, for example, a printer. So you need to come up with a designation for the workstation. In this case, everything is simple; we denote workstations with two letters WS (WorkStation). Plus, it is necessary to distinguish the stations among themselves, so we introduce through numbering within each site (logical and physical). We assume that on each site no more than 100 computers.
So, the final name of the station:
Moscow, Address 1, Workstation 1, HQ: HQ101WS001
Moscow, Address 1, Workstation 1, MOS: MOS101WS001
Moscow, Address 1, Workstation 2, HQ: HQ101WS002
St. Petersburg, Address 1, Workstation 1, SPB: SPB201WS001
St. Petersburg, Address 2, Workstation 1, SPB: SPB202WS001
St. Petersburg, Address 2, Workstation 2, SPB: SPB202WS002
This principle of naming workstations seems to me quite universal and convenient to use. But it is necessary to add to AD in the comments which user is working for a particular workstation. And do not forget when moving a computer from one site to another rename it.
We will talk about naming of other objects in the second part.
Source: https://habr.com/ru/post/151713/
All Articles