Creating a Centralized AD: Object Naming Standards, Part 1
Before migrating objects from the old domains to the new one, we had to define naming standards for Active Directory objects: workstations, servers, groups, user accounts, and organizational units. Moving to a single-domain structure requires naming standards that apply uniformly to all sites (branches). The way objects were named in the old domains did not suit us at all: in each domain, naming followed the preferences of the local administrators, and there was no common principle. Let's go through the object types in order:
Workstations:
Workstation names should not be tied to an employee's position, much less to the employee's name. They should be tied to the workstation's physical location and to its affiliation with a particular unit, branch, or management group; let's call the latter logical affiliation.
Let's start with the physical location. There are different ways to designate the site where the computer is located in the workstation name. We chose to encode the site as a number; the reason will become clear later. Here is what it looks like. Suppose you have branches in Moscow, St. Petersburg, and Rostov. We assign numeric codes to the cities where the offices are located.
For example:
Moscow - 100
St. Petersburg - 200
Rostov - 300
Pretty easy to remember. Moving on: Moscow is large, and we have not one office there but several. We number them as follows:
Moscow, Address 1, code: 101
Moscow, Address 2, code: 102
Moscow, Address 3, code: 103
In St. Petersburg there are also a couple of offices:
St. Petersburg, Address 1, code: 201
St. Petersburg, Address 2, code: 202
There is one office in Rostov, so we just leave 300.
Let's move on to logical affiliation. As an example, consider a headquarters in Moscow (the central office that controls the work of all other branches). We designate the headquarters as HQ (Headquarters). Moscow also has workstations that do not belong to HQ but to "ordinary" offices; we denote that affiliation as MOS (Moscow). The point is that a single address can host both HQ computers and MOS computers. The same situation can arise with servers.
Accordingly, we get the following:
Moscow, Address 1, Workstation HQ: HQ101
Moscow, Address 1, Workstation MOS: MOS101
The same applies to the other branches. A station's logical affiliation can be anything (headquarters, subsidiaries, etc.). In large companies especially, different employees are responsible for IT assets in different branches, and MOS administrators, for example, should not have access to HQ stations. This separation adds a lot of flexibility.
Next, the name has to show that this is a workstation and not a server or, for example, a printer, so we need a designation for workstations. This one is simple: we designate workstations with the two letters WS (WorkStation). The stations also have to be distinguished from one another, so we introduce sequential numbering within each site (logical and physical). We assume that each site has no more than 100 computers.
So, the final version of the station naming:
Moscow, Address 1, Workstation 1, HQ: HQ101WS001
Moscow, Address 1, Workstation 1, MOS: MOS101WS001
Moscow, Address 1, Workstation 2, HQ: HQ101WS002
St. Petersburg, Address 1, Workstation 1, SPB: SPB201WS001
St. Petersburg, Address 2, Workstation 1, SPB: SPB202WS001
St. Petersburg, Address 2, Workstation 2, SPB: SPB202WS002
This naming principle for workstations seems quite universal and convenient to use. However, you need to record in the AD comments which user works at a particular workstation, and remember to rename the computer when it moves from one site to another.
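The scheme above can be checked mechanically, which also makes it usable for scoping administration by affiliation prefix. The following is an added example, not part of the original article: a PowerShell check that parses names into affiliation, site code and station number and reports the ones that break the standard. The function name Test-WorkstationName and the sample list are hypothetical; the site codes and prefixes are the ones listed above.

```powershell
# Site codes and affiliation prefixes listed in the article.
$SiteCodes = @{
    '101' = 'Moscow, Address 1'
    '102' = 'Moscow, Address 2'
    '103' = 'Moscow, Address 3'
    '201' = 'St. Petersburg, Address 1'
    '202' = 'St. Petersburg, Address 2'
    '300' = 'Rostov'
}
$Affiliations = 'HQ', 'MOS', 'SPB'

# Hypothetical helper: split a name into <affiliation><site>WS<number> and check each part.
function Test-WorkstationName {
    param([Parameter(Mandatory)][string]$Name)

    $aff = $site = $num = $siteName = $reason = $null
    if ($Name.ToUpperInvariant() -cmatch '^(?<aff>[A-Z]+)(?<site>\d{3})WS(?<num>\d{3})$') {
        $aff  = $Matches['aff']
        $site = $Matches['site']
        $num  = [int]$Matches['num']
        $siteName = $SiteCodes[$site]          # $null when the code is not in the table
        if ($Affiliations -notcontains $aff) { $reason = "unknown affiliation '$aff'" }
        elseif (-not $siteName)              { $reason = "unknown site code '$site'" }
    }
    else {
        $reason = 'does not match <affiliation><site>WS<number>'
    }

    [pscustomobject]@{
        Name = $Name; Valid = ($null -eq $reason); Affiliation = $aff
        Site = $siteName; Number = $num; Reason = $reason
    }
}

# Constructed sample names; in a live domain the list would come from Get-ADComputer.
$sample = 'HQ101WS001', 'MOS101WS001', 'SPB202WS002', 'IVANOV-PC', 'HQ999WS001', 'MOS102WS01'
$report = $sample | ForEach-Object { Test-WorkstationName -Name $_ }

# Names that break the standard, with the reason.
$report | Where-Object { -not $_.Valid } | Format-Table Name, Reason -AutoSize
# Compliant machines per logical affiliation (the unit by which admin access is separated).
$report | Where-Object { $_.Valid } | Group-Object Affiliation | Format-Table Name, Count -AutoSize
```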
We will talk about naming other objects in the second part.