
Username Best Practices

Status
Not open for further replies.

w33mhz

MIS
May 22, 2007
529
US
Ok, I am sure that this will stimulate some good discussion. I am involved with a project to do an Active Directory restructure. Part of this is to upgrade to a Windows 2008 domain, reorganize OUs and user accounts, and implement a new naming convention for users and groups. Currently we use a firstname then first letter of last name and add letters on to account for duplicates up to 8 characters, i.e. Joe Smith is 'joes'; if there is another Joe Smith that comes in later he would be 'joesi'. Fortunately we have not run into the issue where we have multiple people with the same spelling of their first name and the first name is 8 characters long, i.e. Jannelle Smith would be jannelle. Thus you see some potential for some issues with our username convention. I was wondering what some of the best practices are out there and what people are using and what pitfalls you have run across.
 
Since we're a multi-national company, we utilize the following:

Country Initials - Users first three letters of last name - users first three letters of last name.

So, Joe Smith in the USA would be:

USSMIJOE

Joe Smith in the Netherlands would be:

NLSMIJOE

This, so far, has avoided issues with near same names.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
I just switched an org over to first.last to match their SMTP address to deal with duplication issues. Works great.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Have you found many issues with applications that do not use Windows authentication with the usernames being too long?
 
Nope. But we really only have one application that doesn't use Windows authentication, and it appears to be fine. It's going to get phased out anyways for an IIS/SQL solution soon.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Most people I see use (and prefer) first initial, last name - so Joe Smith is jsmith. Personally - though I don't use it - I prefer the method used at my first major employer - which was lastname - and in the event of dupes, lastname + first initial - using Middle initials or multiple letters from the first name as it became necessary.

My OPINION is that to use a code similar to Davetoo's is a bit impersonal and e-mail is very personal. In the grand scheme of things, it doesn't really matter from a tech standpoint, but I wouldn't like using his scheme.

If the company was large enough, I'd probably try different naming schemes for each department or region. For example, maybe the US is first initial + last name, the UK might be lastname + first initial, and Germany might be some other combination... (Don't know... just brainstorming now).

The other thing is, I'd probably use different e-mail domains for different regions - leew@us.company.com, leew@uk.company.com (or if possible, leew@company.uk)

-Lee

Those who ask why, learn
 
The AD user account name and the users email address are two completely different items. The OP asked about AD user account names, not email names. While our AD names are as I indicated, our email addresses conform to first initial last name @ company name.com. That gives Joe Smith an AD name of USSMIJOE, but his email address is jsmith@company.com. Each country is responsible for their own email, so if there was another Joe Smith in the Netherlands his email address would conform to that company's email name policy.

So, while you may not like my scheme, at least first understand it...then choose not to like it.

You have confused AD names with email names...they are not always the same nor do they have to be.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
No, I'm aware of that... but I don't consider it a good idea because now the user has to have two different accounts to remember - I know the AD account maps to the email address - but strictly speaking, since the email address has to be unique, why not keep the usernames matching - the Keep it Simple concept.

-Lee

Those who ask why, learn
 
Using user employee numbers is pretty common in large enterprises. It also makes it easy to tie in with Unix and SAP systems fairly effortlessly.
 
Two different accounts? That's sort of funny, since the email address isn't an account nor a username, it's an email address.

Lots of big companies keep their user accounts and email addresses different for security purposes. We're one of them. I would strongly argue against having the email address be the same as the user account name. That gives the hackers half of what they need to know without even trying. Dumb.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
I've never heard that logic before... but it's not bad... Of course, you just said that EVERY small business and Microsoft is dumb because I've never encountered a small business that didn't use the email address and user name as the same thing.

You could have left off the "dumb" part... but I guess that's not you...

-Lee

Those who ask why, learn
 
The majority of companies I have worked for, never have the username = email address. Normally I prefer to use fistname.familyname@domain.com for email. For usernames, I use a naming policy that will prevent any length or dot issues specific to the environment.
 
And sometimes I use firstname.familyname@domain.com...
 
No naming convention is perfect, but try to pick one that doesn't look silly when you have users with the same name. You could try:
John Smith = jsmith
second john smith in org = josmith
third john smith = johsmith
or add in the initial of a middle name, jpsmith

no right answer here....
 
Nope, it's not me. I call a spade a spade. Giving a hacker part one of a two part security question isn't very smart in my opinion.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Well I know that my management wants a firstname.lastname username, I have been trying to convince them to use the employees id number for the logon and that we can use firstname.lastname as the username of the email address i.e. Joe Smith emp id = 12345678 email address Joe.Smith@company.com

I state this because we have several custom databases in which the username fields are only 8 characters wide, applications which have 8 character limitations that could be changed, and the fact that there are issues when someone gets married and they change their name: we have to go through and change the username in several systems, and some can't have duplicate names of even employees that no longer work for us.

I see that there are some of you out there who have some of the same ideas as I do and some that don't. I think that it is a great point that Davetoo has pointed out about the email address and username. Also with LWComputingMVP's point about "strange" username of Davetoo's or employee id is a bit impersonal. This has been a great discussion, and I am sorry about not chipping in sooner; I have had some major issues the last few weeks and have been busy.

If there is anyone else out there who has some more ideas, or know of any other username conventions please feel free to add some more comments, I will keep watching.
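
An added example, not code from any poster in this thread: a sketch of the first-initial + last-name scheme discussed above, with duplicates resolved by taking more first-name letters or a middle initial, names capped at the 8-character field width mentioned in the last post, and names of former employees never reused. The function names, the `issued` set and the sample people are assumptions made for illustration.

```python
import re
import unicodedata

MAX_LEN = 8  # assumption: narrowest username field, per the 8-character limits in the thread


def _letters(name):
    """Fold accents and keep lower-case a-z only (drops spaces, hyphens, apostrophes)."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z]", "", folded.lower())


def candidates(first, last, middle=""):
    """Yield logon names in order of preference, each at most MAX_LEN long."""
    f, l, m = _letters(first), _letters(last), _letters(middle)
    if not f or not l:
        raise ValueError("first and last name must each contain a letter")
    # jsmith, josmith, johsmith, ...: take one more first-name letter each time,
    # trimming the last name so the total never exceeds MAX_LEN.
    for n in range(1, min(len(f), MAX_LEN - 1) + 1):
        yield f[:n] + l[:MAX_LEN - n]
    # Fallback from the thread: first initial + middle initial + last name (jpsmith).
    if m:
        yield f[0] + m[0] + l[:MAX_LEN - 2]


def allocate(first, last, issued, middle=""):
    """Return the first free candidate and record it in `issued`.

    `issued` holds every name ever handed out, lower-case, including those of
    people who have left, so a name is never reused.
    """
    for name in candidates(first, last, middle):
        if name not in issued:
            issued.add(name)
            return name
    raise LookupError(f"no free username for {first} {last}")


if __name__ == "__main__":
    issued = {"jrichard"}  # constructed: a former employee's name, still reserved
    for person in [("John", "Smith"), ("John", "Smith"), ("John", "Smith"),
                   ("Jean", "Richardson"), ("José", "Núñez")]:
        print(person, "->", allocate(*person, issued))
```

Seeding `issued` from every system that stores the logon name, not only the directory, is what keeps the allocation consistent with the databases that reject reused names.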
 