
Creating a Centralized AD: Object Naming Standards, Part 1

Before migrating objects from the old domains to new ones, we had to come up with naming standards for Active Directory objects such as workstations, servers, groups, user accounts, and organizational units. Moving to a single-domain structure requires universal naming standards for all sites (branches). The way objects were named in the old domains did not suit us at all: each domain followed the preferences of its local administrators, and there was no single principle. Let's go through them in order:



Workstations:

The names of workstations should not be tied to the position of the employee, much less to his name. Workstations should be tied to their physical location and to the department, branch, or management unit they belong to; call the latter their logical affiliation.

Let's start with the physical binding. There are various ways to designate, in the workstation name, the site where the computer is located. We chose to encode sites with numbers; the reason will become clear further on. Here is what it looks like. Suppose you have branches in Moscow, St. Petersburg and Rostov. We assign a number to each city in which offices are located.



For example:

Moscow - 100

St. Petersburg - 200

Rostov - 300



Pretty easy to remember. Moving on: Moscow is big, and we have not one office there but several. So we number them further:

Moscow, Address 1, code: 101

Moscow, Address 2, code: 102

Moscow, Address 3, code: 103


St. Petersburg also has a couple of offices:

St. Petersburg, Address 1, code: 201

St. Petersburg, Address 2, code: 202



Rostov has one office, so we simply leave 300.



Now for the logical affiliation. Consider the situation where we have a headquarters in Moscow (the central office that controls the work of all the other branches). We denote the headquarters as HQ (Headquarters). But Moscow also has workstations that belong not to HQ but to "ordinary" offices. We denote that affiliation as MOS (Moscow). The point is that a single address can host both HQ computers and MOS computers. The same situation can arise with servers.



Accordingly, we get the following:

Moscow, Address 1, Workstation HQ: HQ101

Moscow, Address 1, Workstation MOS: MOS101



The same goes for the other branches. A station's logical affiliation can be to anything (headquarters, subsidiaries, etc.). In large companies especially, different employees are responsible for IT assets in different branches, and, for example, MOS administrators should not have access to HQ stations. This separation adds a lot of flexibility.



Next, the name must indicate that the object is a workstation and not a server or, for example, a printer, so we need a designation for workstations. Here everything is simple: we denote workstations with the two letters WS (WorkStation). The stations also need to be distinguished from one another, so we introduce sequential numbering within each site (logical and physical). We assume that each site has no more than 100 computers.



So, the final name of the station:

Moscow, Address 1, Workstation 1, HQ: HQ101WS001

Moscow, Address 1, Workstation 1, MOS: MOS101WS001

Moscow, Address 1, Workstation 2, HQ: HQ101WS002



St. Petersburg, Address 1, Workstation 1, SPB: SPB201WS001

St. Petersburg, Address 2, Workstation 1, SPB: SPB202WS001

St. Petersburg, Address 2, Workstation 2, SPB: SPB202WS002



This principle of naming workstations seems to me quite universal and convenient to use. However, you need to record in the comments in AD which user works at a particular workstation. And do not forget to rename a computer when moving it from one site to another.
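A convention like this only holds up if names are checked against it, for example after a computer has been moved between sites without being renamed. The following is an added example, not code from the original article: a PowerShell check that parses a name against the scheme above and reports why it fails. The function name `Test-WorkstationName`, the affiliation-to-site table and the sample names are assumptions made for the example.

```powershell
# Site codes from the article's examples (lookup table constructed for this example).
$SiteCodes = @{
    '101' = 'Moscow, Address 1'; '102' = 'Moscow, Address 2'; '103' = 'Moscow, Address 3'
    '201' = 'St. Petersburg, Address 1'; '202' = 'St. Petersburg, Address 2'
    '300' = 'Rostov'
}
# Assumption: the site codes each logical affiliation may be paired with.
# The article gives no affiliation code for Rostov, so none is listed here.
$AffiliationSites = @{
    'HQ'  = '101', '102', '103'
    'MOS' = '101', '102', '103'
    'SPB' = '201', '202'
}
# <affiliation><3-digit site code>WS<3-digit number>, upper case as written in the article.
$Pattern = '\A(?<aff>[A-Z]{2,3})(?<site>\d{3})WS(?<num>\d{3})\z'

function Test-WorkstationName {    # hypothetical helper, not a built-in cmdlet
    param([Parameter(Mandatory)][string]$Name)

    $m    = [regex]::Match($Name, $Pattern)   # [regex] is case-sensitive by default
    $aff  = $m.Groups['aff'].Value
    $site = $m.Groups['site'].Value

    # The first failing rule becomes the reason; $null means the name conforms.
    $reason = if ($Name.Length -gt 15) { 'exceeds the 15-character NetBIOS name limit' }
        elseif (-not $m.Success) { 'does not match <affiliation><site>WS<number>' }
        elseif (-not $SiteCodes.ContainsKey($site)) { "unknown site code $site" }
        elseif (-not $AffiliationSites.ContainsKey($aff)) { "unknown affiliation $aff" }
        elseif ($AffiliationSites[$aff] -notcontains $site) { "$aff is not present at site $site" }
        else { $null }

    [pscustomobject]@{
        Name        = $Name
        Valid       = ($null -eq $reason)
        Reason      = $reason
        Affiliation = $aff
        Site        = $SiteCodes[$site]
        Number      = $m.Groups['num'].Value
    }
}

# Constructed sample: three names from the article, four deliberately non-conforming.
$sample = 'HQ101WS001', 'MOS101WS001', 'SPB202WS002',
          'IVANOV-PC', 'SPB101WS001', 'HQ999WS001', 'hq101ws001'
$sample | ForEach-Object { Test-WorkstationName $_ } | Format-Table Name, Valid, Reason
```

To audit a live domain, the constructed sample list can be replaced with `(Get-ADComputer -Filter *).Name` from the ActiveDirectory module.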



We will talk about naming of other objects in the second part.

Source: https://habr.com/ru/post/151713/


