How do I Administer My Site OU?


Site OU Administrators can administer users, computers and group policies for their site using Active Directory Users and Computers and the Group Policy Management Console. The Active Directory Users and Computers console is installed via the Windows Server 2003 Administration Pack, which is available from Microsoft via the Internet (Google “Windows Server 2003 Service Pack 1 Administration Tools Pack”) or on the Windows Server 2003 CD in the i386 folder, where the file is called adminpak.msi. The Group Policy Management Console is available from Microsoft on the Internet (Google “Group Policy Management Console”).

Naming Conventions


Staff Desktops


Windows 2000 / XP supports computer names of up to 15 characters. The computer name should contain the following information:



Site Locator – (SL)


Room Number – (RN)


Identifier – (I)


User Identifier – (UI)

Data Point Identifier – (DP)

Extension Number Identifier – (EN)

Below is a list of proposed Site Locator Codes with a maximum character length of 3.











Site Locator Codes

Site                    Code
Bolton St               BST
Linen Hall              LIN
E-Block                 EBK
Kevin St.               KST
Aungier St.             AST
Cathal Brugha Street    CBS
Mount St.               MST
Mountjoy Square         MJS
Rathmines Road          RAT
Rathmines House         RHS
Portland Row            POR
Chatham Row             CHA
Camden Row              CAM
Green St                GST
Beresford St.           BER
Temple Bar              TBR
Dublin Airport          AIR


With the above in mind, the following naming format is used:



SL(3 Char Max)-RN(4 Char Max)-I(8 Char Max)



The first half of the naming convention format, SL and RN, will remain static throughout the Institute. However, the Identifier (I) may vary from site to site at the discretion of the on-site technicians. Taking a closer look at the suggested Identifiers, we have the following:



User Identifier



The user identifier takes the form of the user's initial followed by their surname, e.g. the user Joe Bloggs would have a user identifier of jbloggs. The UI has a maximum length of 8 characters. Therefore, if a user's initial and surname combined exceed 8 characters, the identifier will have to be truncated.



e.g. A computer in Bolton Street, in room 203 and used by staff member Joe Bloggs would have a computer name of:





If a number of staff members use the same computer, then one of the staff members’ names is used as the user identifier.


Data Point Identifier


The data point identifier would take on the form of the name of the wiring centre followed by the number of the data point the computer is connected to.



e.g. A computer in Kevin Street, connected to data point 065 going back to wiring centre 2A and in room 113 would have a computer name of:





Extension Number Identifier



The extension number identifier would take on the form of the user’s extension number.



E.g. A computer in Mountjoy Square, in room 209 with a user who has an ext no. of 3276 would have a name of:







Staff Laptops

Due to the fact that a laptop is portable and will not remain in a single location it is not feasible to use room numbers in the naming convention. However, for support reasons some sort of locator must be included. Therefore the following format is proposed.



SL(3 char max)-L-UI(11 char max)


The above format will identify the following:

1) SL - The primary site of the laptop

2) L - Indicates that it is a laptop

3) UI - The primary user of the laptop



At present, when laptops and computers are added to the domain they are moved into their relevant OUs under the corresponding sites. This, combined with the name of the computer, will assist in locating laptops more efficiently within Active Directory.



Taking the above format and applying it to the user Joe Bloggs who works mainly in 143 Rathmines Road we get the following:






Because some users will have the same name, slight variations may be required for the user identifier.
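An added example, not part of the original page: a PowerShell check for the staff desktop (SL-RN-I) and laptop (SL-L-UI) formats above. It also enforces the 15-character limit, because both formats come to 17 characters when every field is at its stated maximum. The function names and the sample computer names are constructed for illustration, and stripping non-alphanumeric characters from the user identifier is an assumption.

```powershell
# Added example. Site codes are copied from the Site Locator Codes table.
$SiteCodes = 'BST','LIN','EBK','KST','AST','CBS','MST','MJS','RAT','RHS',
             'POR','CHA','CAM','GST','BER','TBR','AIR'

function New-UserIdentifier {
    # Initial + surname, truncated to the field maximum (8 desktop, 11 laptop).
    # Assumption: lower-case, with non-alphanumeric characters removed.
    param([string]$FirstName, [string]$Surname, [int]$MaxLength = 8)
    $ui = ($FirstName.Substring(0, 1) + $Surname).ToLower() -replace '[^a-z0-9]', ''
    if ($ui.Length -gt $MaxLength) { $ui = $ui.Substring(0, $MaxLength) }
    return $ui
}

function Test-ComputerName {
    # Returns the convention violations for one name; no output means compliant.
    param([string]$Name)
    $problems = @()
    if ($Name.Length -gt 15) {
        $problems += "longer than 15 characters ($($Name.Length))"
    }
    # The laptop form is tried first so the literal "L" is not read as a room.
    $laptop  = '^(?<sl>[a-z]{1,3})-L-(?<ui>[a-z0-9]{1,11})$'
    $desktop = '^(?<sl>[a-z]{1,3})-(?<rn>[a-z0-9]{1,4})-(?<i>[a-z0-9]{1,8})$'
    if ($Name -match $laptop -or $Name -match $desktop) {
        if ($SiteCodes -notcontains $Matches['sl'].ToUpper()) {
            $problems += "unknown site locator '$($Matches['sl'])'"
        }
    } else {
        $problems += 'does not match SL-RN-I or SL-L-UI'
    }
    return $problems
}

# Constructed sample names, not taken from a real directory.
$samples = @(
    'BST-203-' + (New-UserIdentifier 'Joe' 'Bloggs')
    'RAT-L-'   + (New-UserIdentifier 'Joe' 'Bloggs' -MaxLength 11)
    'KST-1013-jbloggsx'    # every field within its maximum, 17 characters overall
    'XYZ-12-pc01'          # site code not in the table
    'LABPC7'               # no recognisable structure
)
foreach ($n in $samples) {
    $p = @(Test-ComputerName $n)
    [pscustomobject]@{ Name = $n; Compliant = ($p.Count -eq 0); Problems = ($p -join '; ') }
}
```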


Lab and Library Desktops



Lab and library computers follow a naming convention similar to that for staff desktops. However, because multiple users log on to the same computer, the identifier (I) has to be replaced with something else. A PC identifier is a possible solution.



PC Identifier - (PI)



Taking this into account the naming convention for labs and libraries would be as follows.




SL(3 Char Max)RN(4 Char Max)-PI(8 Char Max)




Therefore a lab in Bolton Street, room 215 with 3 PCs would be named:















With regards to the library PCs, the room identifier could be replaced by LIB.












Description field



The naming conventions shown so far give the site location, the room number and a user or PC identifier. However, they do not say what model of computer we are dealing with (e.g. Dell GX270, HP DX2000), which is valuable information to know. Every computer object within Active Directory has a description field, and it is suggested that this field be populated with the model of the computer. See example below.




Organisational Units (OUs)



The top-level OUs within Active Directory have been named according to the sites that they represent. This allows for easier manageability and delegation of control over particular sites.



It is also suggested that the ‘Managed By’ properties tab under the relevant OUs contain the names of the primary OU administrators.




Group Policy Objects



Group Policy Objects should be named as follows:



Site Identifier – [Short Description of What the Policy does]



For example, a Bolton Street policy to allow users a run command is called:



BST – Allow Run Command



Staff User Accounts



The naming convention for staff user accounts is:






In the event of a duplicate account, the account should mirror that of the user’s email account, which usually adds in a middle initial:










All machines added to the domain should be removed from the computers OU immediately. Computer accounts left in the computers OU for a period of time will be disabled and then deleted a short time later.



All accounts (Computer and User) should adhere to the domain naming convention. If an account does not adhere to the naming convention, it is liable for immediate deletion.



All accounts should be owned by a single user. Where generic accounts are necessary they should be assigned an account owner in the AD Object’s description field and they should have a set expiry date. All accounts should have an email address populated in the object’s email field. Accounts not adhering to this policy will be deleted immediately.
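An added example, not part of the original page: a PowerShell audit of the account rules above, run over constructed records. The property names follow those of objects returned by the ActiveDirectory module's Get-ADUser and Get-ADComputer; the IsGeneric flag, the function names and the example.test domain are hypothetical.

```powershell
function Get-AccountPolicyIssue {
    # Emits one record for each account that breaks a rule stated above.
    param([Parameter(ValueFromPipeline = $true)]$Account)
    process {
        $issues = @()
        if ($Account.ObjectClass -eq 'computer') {
            # Assumption: the "computers OU" is the default CN=Computers container.
            if ($Account.DistinguishedName -match '^CN=[^,]+,CN=Computers,DC=') {
                $issues += 'computer account still in the Computers container'
            }
        } else {
            # Assumption: the email rule is checked on user accounts only.
            if ([string]::IsNullOrWhiteSpace($Account.EmailAddress)) {
                $issues += 'email field is empty'
            }
            if ($Account.IsGeneric) {   # hypothetical flag set by the caller
                if ([string]::IsNullOrWhiteSpace($Account.Description)) {
                    $issues += 'generic account has no owner in the description field'
                }
                if ($null -eq $Account.AccountExpirationDate) {
                    $issues += 'generic account has no expiry date'
                }
            }
        }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{ Name = $Account.Name; Issues = ($issues -join '; ') }
        }
    }
}

# Constructed records; example.test is a placeholder domain.
function New-SampleAccount {
    param($Name, $Class, $Parent, $Mail, $Description, $Expires, [switch]$Generic)
    [pscustomobject]@{
        Name = $Name; ObjectClass = $Class; IsGeneric = [bool]$Generic
        DistinguishedName = "CN=$Name,$Parent,DC=example,DC=test"
        EmailAddress = $Mail; Description = $Description; AccountExpirationDate = $Expires
    }
}
$accounts = @(
    New-SampleAccount jbloggs user 'OU=BST' -Mail 'jbloggs@example.test'
    New-SampleAccount bstscan user 'OU=BST' -Mail 'helpdesk@example.test' -Generic
    New-SampleAccount BST-203-jbloggs computer 'CN=Computers'
)
$accounts | Get-AccountPolicyIssue
```

Against a live directory the same function can be fed from Get-ADUser or Get-ADComputer with the relevant properties requested, once the caller has decided how generic accounts are marked.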





