UCB Windows 2000 Campus Domain Naming Conventions
The Network and Desktop Operating Systems (NDOS) group of Information Technology Services (ITS) has established the following naming convention for departments participating in the Windows 2000 infrastructure at UCB. This convention has been developed for reasons of organization, manageability, and security. Not only will it assist those maintaining the infrastructure, but it will also assist departmental administrators in the management of their Organizational Units (OUs).
OUs
Each department participating in the Windows 2000 Active Directory (AD) is given an OU named according to the appropriate abbreviation. Academic departments will have OUs named with their four-letter abbreviation (e.g. Business = BSNS, Psychology = PSYC). ITS will suggest a name to non-academic departments that is accurate, descriptive, and long-term. If a non-academic department objects to the suggested name, ITS will work with the department to determine an appropriate name.
Once control of the OU is delegated to the department administrator, that administrator will have the ability to create child OUs, Group Policy Objects (GPOs), groups, computers and other objects within that OU. There is no required naming convention for child OUs; however, we recommend that the names reflect the purpose of the OU and remain short. The other naming conventions will show why this is recommended.
GPOs and Groups
Because the names of group policy objects and groups must be unique across the entire domain, a naming convention is required. The naming conventions for GPOs and groups are the same. Each of these objects should be named in the following way:
<department OU name>-<child OU name>-<other child OUs>-<object name>
For example:
ITS-MSG-Labs-General Lab GPO
Or
ITS-ITS Staff Members
There is no required convention for the <object name> portion, but it should be descriptive of the function of the object.
This naming convention serves several purposes. First, it allows for quick and easy searches for the GPOs and groups relating to one department. This is helpful in a number of administrative tasks both for department administrators and infrastructure administrators. Second, it prevents overlapping names for such items. Third, it allows for easier auditing of the AD by infrastructure administrators.
This naming convention will be enforced by ITS.
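An added example, not part of the original ITS page and not ITS's own tooling: one way an administrator could audit exported group and GPO names against the convention above. It assumes each record pairs the object's name with a distinguished name that places it in the OU tree (for a GPO, the OU it is linked to); the function names, the DC=example,DC=edu suffix and the sample records are constructed for illustration.

```python
import re

def ou_path(dn):
    """Return the OU names in a distinguished name, department OU first."""
    # Split on commas that are not escaped with a backslash.
    parts = re.split(r'(?<!\\),', dn)
    ous = []
    for part in parts:
        key, _, value = part.strip().partition('=')
        if key.upper() == 'OU':
            ous.append(value.replace('\\,', ','))
    return ous[::-1]  # a DN lists the leaf OU first; the convention lists it last

def check_name(name, dn):
    """Return (ok, reason) for a group or GPO name given where it lives."""
    ous = ou_path(dn)
    if not ous:
        return False, "object is not inside a department OU"
    prefix = "-".join(ous) + "-"
    # Directory names compare case-insensitively, so the check does too.
    if not name.lower().startswith(prefix.lower()):
        return False, f"expected prefix '{prefix}'"
    if not name[len(prefix):].strip():
        return False, "missing <object name> part"
    return True, "ok"

def audit(objects):
    """Return (name, reason) findings: convention violations and duplicates."""
    findings, seen = [], set()
    for name, dn in objects:
        ok, reason = check_name(name, dn)
        if not ok:
            findings.append((name, reason))
        if name.lower() in seen:  # names must be unique across the domain
            findings.append((name, "duplicate name in domain"))
        seen.add(name.lower())
    return findings

# Constructed sample export (not real directory data).
SAMPLE = [
    ("ITS-MSG-Labs-General Lab GPO", "OU=Labs,OU=MSG,OU=ITS,DC=example,DC=edu"),
    ("ITS-ITS Staff Members", "CN=ITS-ITS Staff Members,OU=ITS,DC=example,DC=edu"),
    ("Lab Admins", "CN=Lab Admins,OU=Labs,OU=PSYC,DC=example,DC=edu"),
    ("BSNS-Faculty", "CN=BSNS-Faculty,OU=Faculty,OU=BSNS,DC=example,DC=edu"),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

The last sample record shows the case a prefix-only check misses: the name repeats the OU path but carries no <object name> of its own, so it is reported against the full expected prefix.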
Computers and other resources
Computers (including servers) and other resources (e.g. printers or shares) do not have a set naming convention like OUs or GPOs, but there are important considerations when naming computer objects. Because Windows 2000 relies heavily on DNS to locate computers, administrators should correlate the DNS names of their computers to the computer object names in the domain. Computers may have a DNS name of xxx.ad.colorado.edu or xxx.colorado.edu, where xxx represents the name given to the computer (you must designate the domain suffix when configuring the computer - it will default to using ad.colorado.edu when you join the domain, but can be set to colorado.edu). Because the naming system is DNS-based, no two computers can have the same name. If you attempt to create a computer in the AD with the name of an existing computer, you will receive a warning and will not be able to create the computer. It is recommended that you use a naming convention similar to the GPO/group convention noted above to simplify your administration and to avoid name overlap.
Note about namespace: UCB uses a flat DNS namespace, which means that if the name bob.colorado.edu is in use, one cannot use the address bob.ad.colorado.edu, or vice versa. A computer's name (in this case bob) can only exist in one place.
Note for administrators creating computer objects: Be sure to have your IP addresses name-served before joining your computers to the domain. Many functions, including remote management of computers, require proper name service. You can request name service and static IP addresses via the web at: http://huckleberry.colorado.edu/ipmaster/IPApp/.
Note for current static IP users with name service: You may continue to use your xxx.colorado.edu name once you join the domain if you configure your network settings properly. (Note: to use an xxx.colorado.edu DNS name and have the IdentiKey Kerberos configuration work properly, a special step is required.) If you wish to move to an xxx.ad.colorado.edu name, you will have to request new name service for your IP address. If your computer is currently name-served as bob.colorado.edu and you move it into the AD, by default the computer object will be identified as bob.ad.colorado.edu locally and in the domain, but it will not automatically register itself in DNS as bob.ad.colorado.edu.
Note for current DHCP users: Because Windows 2000 relies heavily on DNS naming for various services and ITS is not currently allowing dynamic DNS updates, it is strongly suggested that you move to static, name-served IP addressing to fully leverage the features of Windows 2000.
Getting Help
help@colorado.edu