Domain User Account Naming Conventions
The domain user account naming convention you adopt establishes how users are identified in the domain. A consistent user account naming convention helps you and your users remember user logon names and locate them in lists. Table 7-1 summarizes some points you might want to consider in determining a domain user account naming convention for your organization.
Local user account names must be unique on the computer where you create the local user account.
The user’s logon name, a distinguished name (DN), must be unique to the directory. The user’s full name (also referred to as the display name or account name), a relative distinguished name (RDN), must be unique within the OU where you create the domain user account. The user’s Security Accounts Manager (SAM) name must be unique to the directory.
User logon names can contain up to 20 uppercase or lowercase characters. Although the field accepts more than 20 characters, Windows Server 2003 recognizes only the first 20.
The following characters are invalid in user logon names if you are using pre-Microsoft Windows 2000 systems. You can use a combination of special and alphanumeric characters to help uniquely identify user accounts. User logon names are not case sensitive, but Windows Server 2003 preserves the case.
If two users were named John Emory, you could use the first name and the last initial, and then add letters from the last name to differentiate the duplicate names. In this example, one user account logon name could be Johne and the other Johnem. Another possibility would be to number each user logon name—for example, Johne1 and Johne2.
In some organizations, it is useful to identify temporary employees by their user account. To identify temporary employees, you can use a T and a hyphen in front of the user’s logon name—for example, T-Johne. Alternatively, use parentheses in the name—for example, John Emory (Temp). Some e-mail systems might not accept certain characters, such as spaces and parentheses. These characters should not be included in user names.
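One way to apply the conventions above when provisioning accounts, as an added example that is not part of the original text: it builds the first-name-plus-last-initial name, adds last-name letters and then numbers for duplicates, prefixes T- for temporary employees, and keeps the result within 20 characters. The function name, its parameters and the letters-and-digits-only filter are assumptions made for this illustration.

```python
import re

MAX_LEN = 20  # per the text: only the first 20 characters are recognized


def _clean(part):
    # Assumption: keep only ASCII letters and digits, which also drops the
    # spaces and parentheses that some e-mail systems might not accept.
    return re.sub(r"[^A-Za-z0-9]", "", part)


def propose_logon_name(first, last, existing, temporary=False):
    """Return a logon name that is unique within `existing`, ignoring case."""
    first, last = _clean(first), _clean(last).lower()
    if not first or not last:
        raise ValueError("first and last name must contain letters or digits")
    prefix = "T-" if temporary else ""
    # Compare truncated, case-folded names: two names that differ only by case
    # or only after character 20 would collide in the directory.
    taken = {name[:MAX_LEN].lower() for name in existing}

    # Pass 1: first name + last initial, then one more last-name letter each try.
    for n in range(1, len(last) + 1):
        candidate = prefix + first + last[:n]
        if len(candidate) > MAX_LEN:
            break
        if candidate.lower() not in taken:
            return candidate

    # Pass 2: numbered names; shorten the stem so the number is never cut off.
    for number in range(1, 1000):
        suffix = str(number)
        stem = (prefix + first + last[:1])[: MAX_LEN - len(suffix)]
        if (stem + suffix).lower() not in taken:
            return stem + suffix
    raise RuntimeError("no free logon name found")


if __name__ == "__main__":
    directory = ["JOHNE"]  # constructed sample of names already in use
    print(propose_logon_name("John", "Emory", directory))
    print(propose_logon_name("John", "Emory", directory, temporary=True))
```

Feed `existing` from the directory's current logon names at creation time, so that the uniqueness check reflects what is actually in use.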
If you ever see an error when initializing a domain management console, you should investigate the reason for the error. You should also make arrangements to ensure that no two administrators attempt to perform the same administrative tasks at different sites (that is, on different domain controllers). Otherwise, problems might occur that are difficult to correct. For example, two administrators moving the same server object in Active Directory Sites and Services, but from two different geographical locations, are likely to cause a problem that would require Ntdsutil and Metadata cleanup. You learned about Metadata cleanup in Chapter 3.