Solved

Naming users in AD and Exchange

Posted on 2007-11-19
6
188 Views
Last Modified: 2013-12-04
Hi all

I was wondering of the related best practises in the areas of user naming convention within Windows/Exchange 2003 environment.

The concern arose from the fact that most of the times, users email listing appears in Intranet websites if not Internet and also, I have seen at most places, that user's login names and exchange email IDs are the same, giving rise to a security concern that with Email ID list readily available on the Intranet, we are 50% nearer to cracking the password of the user, if his/her login ID corresponds to Email ID.

Your thoughts in this regards?
0
Comment
Question by:Petrofac_ITlogmein
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 100 total points
ID: 20317760
i have my users as first.last for windows and first.last as email

my Gal shows them as first last without the dot - just edit the display names.....

i wouldnt be worried at all to be honest
0
 
LVL 23

Accepted Solution

by:
ormerodrutter earned 200 total points
ID: 20319512
I think in your case, if you are worried then you can deploy a "Strong" password policy ensuring your users to have a strong/complex password and have it change every x days.

Its true that in most case user login name is part of his/her email. Not only its convenient for your users, it is convenient for your admin to identify the user quickly. Of course you can reset all their accounts to having different login names but you will become the most unpopular person in the company :)

I have seen case where user have their car registration number as their login names.

The last thing you want is to change their email addresses.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20322628
I generally use the surname and sometimes first initial (i.e. <surname><firstinitial>) for username and the same for email, so I have addresses like bloggsj@example.com. From a management standpoint I like to keep username the same as email address for quick identification.

As for their actual display name, I use <surname>,<initials>,<first name> as both the full name and display name. Having the surname first makes it easier to find users in the GAL and in AD, i.e. Bloggs,JD,Joe is easier to find than Joe Bloggs, if you get what I mean.

-tigermatt
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 

Author Comment

by:Petrofac_ITlogmein
ID: 20541343
Various Methods are envisaged for display names although it's decided that we can live with strong password policy when it comes to using same email IDs and AD login IDs.

The main issue now is resolve same (first name/lastname) users across departments and business units. Supposing I have business units(categorised as different OUs within AD), by the name of DUB and DEL.

First otion that we have can be:

1. Location / Division  Firstname Lastname
DEL- Some Name
DUB-Some Name
Pros:  Easier for the end user to search if they now the department of the other person

2. Firstname Lastname  Location / Division
Some Name-DEL
Some Name-DUB
Pros: Easier to differentiate the person based on department , simple search with first name

3. Lastname , Middle Initial , Firstname
Name,X,Some
Name,Y,Some

Pros: Display presentation will be good, however most of the time people may find it difficult to remember the middle initial to identify the right person

Then there could be same name within departments.

I was also thinking that each employee has his/her unique employee ID, if we can use it within display name in some way?

Any better ideas..anyone!! :( Considering that have about 2000 employees spread across globe over a Single Domain of AD/Exchange 2003?
0
 

Author Comment

by:Petrofac_ITlogmein
ID: 20570992
How do you guys treat duplicates , vis a vis AD logon accounts or email accounts???
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20580278
your going to come across either complexity issues and over kill or the possibility of duplicate names....if you choose a firstname.lastname approach, its no biggy if you get a duplicate and vary a little from the standard
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This article outlines some of the reasons why an email message gets flagged as spam on a recipient's end.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question