How do I Administer My Site OU?

 

Site OU Administrators can administer users, computers and group policies for their site using Active Directory Users and Computers and the Group Policy Management Console. The Active Directory Users and Computers console is installed via the Windows Server 2003 Administration Pack, which is available from Microsoft via the Internet (Google “Windows Server 2003 Service Pack 1 Administration Tools Pack”) or on the Windows Server 2003 CD in the i386 folder, where the file is called adminpak.msi. The Group Policy Management Console is available from Microsoft on the Internet (Google “Group Policy Management Console”).

Naming Conventions

 

Staff Desktops

 

Win 2K / XP supports up to 15 characters for its PC name. With regard to a naming convention, the computer name should contain the following information:

Site Locator – (SL)
Room Number – (RN)
Identifier – (I), which takes one of the following forms:
    User Identifier – (UI)
    Data Point Identifier – (DP)
    Extension Number Identifier – (EN)

Below is a list of proposed Site Locator Codes with a maximum character length of 3.

Site Locator Codes

Bolton St               BST
Linen Hall              LIN
E-Block                 EBK
Kevin St.               KST
Aungier St.             AST
Cathal Brugha Street    CBS
Mount St.               MST
Mountjoy Square         MJS
Rathmines Road          RAT
Rathmines House         RHS
Portland Row            POR
Chatham Row             CHA
Camden Row              CAM
Green St                GST
Beresford St.           BER
Temple Bar              TBR
Dublin Airport          AIR

 

With the above in mind, the following naming format is used:

SL(3 Char Max)-RN(4 Char Max)-I(8 Char Max)

The first half of the naming convention format, SL and RN, will remain static throughout the Institute. However, the Identifier (I) may vary from site to site at the discretion of the on-site technicians. Taking a closer look at the suggested Identifiers, we have the following:

 

 

User Identifier

 

 

The user identifier takes the form of the user's initial followed by their surname, e.g. the user Joe Bloggs would have a user identifier of jbloggs. The UI has a maximum length of 8 characters. Therefore, if a user's initial and surname combined exceed 8 characters, the identifier will have to be truncated.

E.g. a computer in Bolton Street, in room 203 and used by staff member Joe Bloggs, would have a computer name of:

BST-203-JBLOGGS

If a number of staff members use the same computer, then one of the staff members' names is used as the user identifier.

 

Data Point Identifier

 

The data point identifier takes the form of the name of the wiring centre followed by the number of the data point the computer is connected to.

E.g. a computer in Kevin Street, in room 113 and connected to data point 065 going back to wiring centre 2A, would have a computer name of:

KST-113-2A065

Extension Number Identifier

The extension number identifier takes the form of the user's extension number.

E.g. a computer in Mountjoy Square, in room 209, with a user whose extension number is 3276 would have a name of:

MSQ209-3276

 

 

 

Staff Laptops

Because a laptop is portable and will not remain in a single location, it is not feasible to use room numbers in the naming convention. However, for support reasons some sort of locator must be included. Therefore the following format is proposed:

SL(3 Char Max)-L-UI(11 Char Max)

The above format identifies the following:

1) SL - The primary site of the laptop
2) L - Indicates that it is a laptop
3) UI - The primary user of the laptop

At present, when laptops and computers are added to the domain they are moved into their relevant OUs under the corresponding sites. This, combined with the name of the computer, will assist in locating laptops more efficiently within Active Directory.

Taking the above format and applying it to the user Joe Bloggs, who works mainly in 143 Rathmines Road, we get the following:

RHS-L-JBLOGGS

Because some users will have the same name, slight variations may be required for the user identifier.

 

Lab and Library Desktops

 

 

Lab and library computers follow a convention similar to the one for staff desktops. However, since multiple users log on to the same computer, the identifier (I) has to be replaced with something else. A PC identifier is a possible solution.

PC Identifier - (PI)

Taking this into account, the naming convention for labs and libraries would be as follows:

SL(3 Char Max)RN(4 Char Max)-PI(8 Char Max)

Therefore the computers in a lab in Bolton Street, room 215, with 3 PCs would be named:

BST215-PC01
BST215-PC02
BST215-PC03

With regard to the library PCs, the room identifier could be replaced by LIB:

BSTLIB-PC01
BSTLIB-PC02
BSTLIB-PC03
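
The three computer-name formats above can be checked mechanically before a machine is joined to the domain. The following PowerShell is an added example, not part of the original page or the Institute's tooling; the function name Test-ComputerName and the allowed characters (A-Z, 0-9) are assumptions, and the sample names marked as constructed are invented for illustration.

```powershell
# Site Locator Codes copied from the table on this page.
$SiteCodes = 'BST','LIN','EBK','KST','AST','CBS','MST','MJS','RAT','RHS',
             'POR','CHA','CAM','GST','BER','TBR','AIR'
$sl = '(?<SL>' + ($SiteCodes -join '|') + ')'

# One anchored pattern per format, using the maximum field widths stated above.
# Laptop is tested first because "-L-" would also satisfy the desktop pattern.
# Assumption: fields contain only A-Z and 0-9.
$Formats = [ordered]@{
    Laptop       = '^' + $sl + '-L-(?<UI>[A-Z]{1,11})$'
    StaffDesktop = '^' + $sl + '-(?<RN>[A-Z0-9]{1,4})-(?<I>[A-Z0-9]{1,8})$'
    LabOrLibrary = '^' + $sl + '(?<RN>[A-Z0-9]{1,4})-(?<PI>[A-Z0-9]{1,8})$'
}

function Test-ComputerName {
    param([Parameter(Mandatory)][string]$Name)
    $n = $Name.ToUpper()
    $result = [ordered]@{ Name = $Name; Format = ''; Valid = $false; Reason = '' }
    # The field maxima add up to more than 15 (3+1+4+1+8 = 17), so the overall
    # 15-character limit has to be checked on its own.
    if ($n.Length -gt 15) {
        $result.Reason = "$($n.Length) characters, limit is 15"
    } else {
        foreach ($f in $Formats.GetEnumerator()) {
            if ($n -match $f.Value) {
                $result.Format = $f.Key
                $result.Valid  = $true
                break
            }
        }
        if (-not $result.Valid) { $result.Reason = 'unknown site code or wrong layout' }
    }
    [pscustomobject]$result
}

# First five names are the page's own examples. The last three are constructed:
# fields within their maxima but 17 characters in total, a site code that is
# not in the table, and a Windows default-style name.
$samples = 'BST-203-JBLOGGS', 'KST-113-2A065', 'RHS-L-JBLOGGS', 'BST215-PC01',
           'BSTLIB-PC02', 'BST-1203-JOBLOGGS', 'XYZ-203-JBLOGGS', 'DESKTOP-4F7K2Q1'
$samples | ForEach-Object { Test-ComputerName -Name $_ } | Format-Table -AutoSize
```

The five page examples are reported as valid with their format; the three constructed names are rejected with a reason.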

 

 

Description field

 

 

If we look at what information can be derived from the naming conventions shown so far, we get site location, room number and user or PC identifier. However, there is no mention of what model of computer we are dealing with (e.g. Dell GX270, HP DX2000). This is valuable information to know. For every computer object within Active Directory there is a description field. It is suggested that this field be populated with the model of the computer. See example below.

 

 

 

Organisational Units (OUs)

The top-level OUs within Active Directory have been named according to the sites that they represent. This allows for easier manageability and delegation of control over particular sites.

It is also suggested that the ‘Managed By’ properties tab under the relevant OUs contain the names of the primary OU administrators.

 

 

 

Group Policy Objects

 

 

Group Policy Objects should be named as follows:

Site Identifier – [Short Description of What the Policy does]

For example, a Bolton Street policy to allow users a run command is called:

BST – Allow Run Command

 

 

Staff User Accounts

 

 

The naming convention for staff user accounts is:

firstname.surname

In the event of a duplicate account, the account should mirror that of the user’s email account, which usually adds in a middle initial:

firstname.x.surname

 

 

 

Housekeeping

 

 

All machines added to the domain should be removed from the computers OU immediately. Computer accounts left in the computers OU for a period of time will be disabled and then deleted a short time later.

All accounts (computer and user) should adhere to the domain naming convention; if an account does not adhere to the naming convention it is liable for immediate deletion.

All accounts should be owned by a single user. Where generic accounts are necessary, they should be assigned an account owner in the AD object’s description field and they should have a set expiry date. All accounts should have an email address populated in the object’s email field. Accounts not adhering to this policy will be deleted immediately.
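
The user-account rules above (naming, owner, expiry date, email) can be audited before any deletion is carried out. The following PowerShell is an added example, not part of the original page; the function name Get-AccountFinding, the Generic flag, the "Owner: name" wording in the description and all sample records are assumptions constructed for illustration.

```powershell
# Constructed sample records. In a live domain the same properties come from
# Get-ADUser -Filter * -Properties Description, EmailAddress, AccountExpirationDate.
# "Generic" is a hypothetical flag marking shared accounts; it is not an AD attribute.
$accounts = @(
    [pscustomobject]@{ SamAccountName = 'joe.bloggs'; Generic = $false; Description = '';
        EmailAddress = 'joe.bloggs@example.org'; AccountExpirationDate = $null }
    [pscustomobject]@{ SamAccountName = 'joe.a.bloggs'; Generic = $false; Description = '';
        EmailAddress = 'joe.a.bloggs@example.org'; AccountExpirationDate = $null }
    [pscustomobject]@{ SamAccountName = 'jbloggs'; Generic = $false; Description = '';
        EmailAddress = ''; AccountExpirationDate = $null }
    [pscustomobject]@{ SamAccountName = 'lab-kiosk'; Generic = $true; Description = 'Owner: joe.bloggs';
        EmailAddress = 'joe.bloggs@example.org'; AccountExpirationDate = [datetime]'2025-06-30' }
    [pscustomobject]@{ SamAccountName = 'scanner'; Generic = $true; Description = 'Room 203 scanner';
        EmailAddress = ''; AccountExpirationDate = $null }
)

# firstname.surname or firstname.x.surname; apostrophes and hyphens in names
# are allowed here as an assumption.
$NamePattern = "^[a-z][a-z'-]*\.([a-z]\.)?[a-z][a-z'-]*$"

function Get-AccountFinding {
    param([Parameter(Mandatory, ValueFromPipeline)]$Account)
    process {
        $issues = @()
        if ($Account.Generic) {
            # Generic accounts need a named owner and a set expiry date.
            if ($Account.Description -notmatch 'Owner:\s*\S+') { $issues += 'no owner in description' }
            if (-not $Account.AccountExpirationDate)           { $issues += 'no expiry date' }
        } elseif ($Account.SamAccountName -notmatch $NamePattern) {
            $issues += 'name breaks convention'
        }
        # Every account needs a populated email field.
        if ([string]::IsNullOrWhiteSpace($Account.EmailAddress)) { $issues += 'no email address' }
        [pscustomobject]@{
            Account   = $Account.SamAccountName
            Compliant = ($issues.Count -eq 0)
            Issues    = ($issues -join '; ')
        }
    }
}

$accounts | Get-AccountFinding | Format-Table -AutoSize
```

Reviewing the Issues column first gives OU administrators a chance to correct an account before it is deleted.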
