AD Naming Convention Practice

[thegoschman]

Hey All,
Big sometimes heated arguement at work. Current ISO guy dictates that
objects (computers mainly) all follow a prescribed naming convention.
OK I have no problem with the concept. My issue is that I think that
once an object is created (again mostly equipment) in AD and given
whatever name, the name of that object should never change for the
life of the object as long as it is in the domain. Here, each time a
pc is moved from one site to another the SA has to rename the box and
then get it back onto the domain - etc. This seems too labor intensive
to me. With the abilities of AD and being able to drag and drop
objects, it makes more sense to me to name an object and then use the
given object fields (such as the description field) to enter whatever
information is desired. A simple search will then return the requested
info. By renaming an object each time it moves one is never sure if
they are talking about the same piece of equipment as it works it's
way through the domain. After all, when I move across country my name
does not change, my auto's VIN number stays the same. I think that MS
was smart enough to realize this when AD was put into motion.

Am I full of crap on this?

 

[Richard Mueller [MVP]]

I like your thinking. The location of a computer is best determined by the
object's Parent OU, Site, and subnet. Still, most people coming up with a
naming convention will base the names on location and/or department. If you
have laptops and mobile workers (reporting to multiple sites) it's easier to
argue for a naming convention that conveys no information, except maybe the
business unit that owns the box. It is important to be able to identify the
machine throughout its' life, although we used to use asset tags for that.
Other things like MAC address can change.

 

[thegoschman]

I like your thinking. The location of a computer is best determined by the
object's Parent OU, Site, and subnet. Still, most people coming up with a
naming convention will base the names on location and/or department. If you
have laptops and mobile workers (reporting to multiple sites) it's easier to
argue for a naming convention that conveys no information, except maybe the
business unit that owns the box. It is important to be able to identify the
machine throughout its' life, although we used to use asset tags for that.
Other things like MAC address can change.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab -http://www.rlmueller.net
--







- Show quoted text

Thanks.
It has always irritated me to no end when someone takes a tool such as
AD, and cludges up the design to a point where the benefit of the tool
becomes almost nill. We are going through a 100% equipment inventory
right now. I'm getting 3 or 4 calls a day from SA's looking for
computer 'XXX123" or such. Well, no one has it because it was renamed
when it moved 2 months ago and the SA for that area left and wasn't
keen on documentation or forgot to document it or whatever. With a
lifelong assigned name, I don't care when in the world the device is.
If it's up and running and I ping it I can tell through the IP and
network info the net where it is and I can have the admin in that area
narrow it down. If it's not then leg work begins. No different that
now. There are enough fields in AD to allow for any type of info. Dept
# Room # etc As long a the admin is doing their job then keeping track
of the device is simple.

If only I were in charge.......................

 

[Alexander V. Alexeev]

Hello,
I agree with you on the idea of assigning life-long names in AD. One of the
networks I used to work for simply named the PCs using an increment
notation... like PCXXXX where the Xs would just be a number in the order of
procurement. So, there was a separate database as part of the Helpdesk
system which maintained inventory - who the PC is assigned to, what cases
there were and jobs have been done to it, etc. Obviously, with the
incremental numbering one could effortlessly at least make out the approx.
age of the box, which could be useful in support calls.
Regards,
Alex

 

[S. Pidgorny]

Some server applications don't support server renaming (CA, LCS and some
3rd-party apps come to mind), but most object can be renamed.

With good naming convention you _shouldn't_ require object renaming during
its lifecycle.

Some details. In good design, site defines location, OU - place in
organisational hierarchy, those plus security groups - policies and
applications deployment. So naming computer accounts with geographical
location is wrong - so is naming user accounts incorporating user's position
and the office they're currently in (like "pidgorny_queenst_ITguy"). For the
workstations use something that's available during automated build like MAC
address for naming - not the user name, as workstations can be shared or
transfered.

This all is common sense stuff.