User Accounts Naming Conventions

Active Directory requires that all users have unique names. This is achieved by using users UnityID (guaranteed to be unique), and in some cases, special suffixes. The table below outlines the naming conventions that should be used for different types of users on the WOLFTECH domain.

Normal Users (w/ UnityID)

  • Format: <UNITYID>
  • Examples: jqpublic
  • Note: The username and display name should be the user’s UnityID. These accounts should only exist in the People OU.
Normal Users (w/o UnityID)
  • Format: <DEPT>.<FIRSTNAME>.<LASTNAME>
  • Examples: ECE.John.Public
  • Notes: The username and display name should be <DEPT>.<FIRSTNAME>.<LASTNAME> to prevent confusion or conflicts with UnityIDs. These accounts should only exist in the <DEPT>\Departmental Users OU.
OU Admin
  • Format: <UNITYID>.admin
  • Examples: jqpublic.admin
  • Notes: OU Admins have administrative privileges over their departmental OU.
Departmental Computer Admin
  • Format: <UNITYID>.admin
  • Examples: jqpublic.admin
  • Notes: Departmental Computer Admins have local Administrator privileges on all computers in their departmental OU. This requires that <DEPT>-OU Policy be defined correctly to add <DEPT>-Computer Admins to the local Administrators group of the machines in the OU. These accounts are used by departmental, and if desired, college IT help desk staff to provide computer support.
Service Accounts
  • Format
    • <DEPT>.<SERVICENAME>.service
    • <DEPT>-<SERVICENAME>.service
    • <DEPT>.<SERVICENAME>.svc
    • <DEPT>-<SERVICENAME>.svc
  • Examples
    • CNR.wds.service
    • ECE.iis.service
    • coedean.scan.svc
  • Notes: Service accounts are used for programs and services that need a special user container to access domain resources. They should only be used when the provided service requires separation from a valid normal or admin user account. These accounts should only exist in the Departmental Users/Service Accounts subOU in a departmental or college-level OU.

Domain Admin

  • Format: <UNITYID>.domadmin
  • Examples: jqpublic.domadmin
  • Notes: Domain Admins have administrative privileges on the entire domain and have local administrator on all domain machines (except those that manually remove Domain Administrator from the local Administrators group). The membership of the Domain Admins group is tightly screened.