Security Basics mailing list archives
RE: User Naming conventions - Active directory Windows 2003
From: "Lubrano di Ciccone, Christophe (DEF)" <diciccone () ppg com>
Date: Mon, 11 Feb 2008 16:56:44 +0100
Depending on how large your organization is, how your security stuff is handled and managed, and whether your AD is worldwide or not, you may use a unique ID based on this logic:

AD user login name 'xxxxyyyyy'
user email account; 'firstname.lastname () mail com'
email display name: lastname, firstname

Where xxxx is a range of alphabetic characters coding the Business Unit or the dept & yyyyy is an incremental number starting at 00001 til 99999;

You may consider not reusing an ID, for evident reasons. And if 99999 is not enough use 000001 til 999999.

Christophe

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of WALI
Sent: Saturday, February 09, 2008 7:20 PM
To: security-basics () securityfocus com
Subject: User Naming conventions - Active directory Windows 2003

Current scenario:

AD user login name 'firstname.lastname'
user email account; 'firstname.lastname () mail com'
email display name: lastname, firstname

In case of duplicates found within domain:

New AD user login name 'firstname.lastname123'. Old account remains the same. (numerical values are added in front of the new user account)
user email account; 'firstname.lastname123 () mail com'
email display name (GAL): lastname, firstname, middle initial (for both old and new user - mutually agreed)

Disadvantages of current convention:

- Login accounts same as email IDs leads to a situation where, looking at the internally published email listing, it's easy to guess a user's AD login account.
- A malicious user can lead someone else's account to a lockout condition by trying a wrong password 5 times, as that's the 'Account lockout policy' setting.
- Duplicates are not making sense.

Any advice!!??
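An added example, not part of either post: a small Python allocator for the 'xxxxyyyyy' scheme suggested in the reply, which never reuses a retired ID and refuses to wrap when the counter is exhausted, plus a check for the email-derived logins described in the original question. The function names, the 4-letter prefix length, the business-unit codes and the sample accounts are assumptions made for illustration.

```python
import re

# Assumed layout from the reply: 4 letters for the business unit, then a
# zero-padded counter (5 digits by default, 6 if 99999 is not enough).
def parse_id(login, width=5):
    """Split 'fina00042' into ('fina', 42); return None if it does not match."""
    m = re.fullmatch(rf"([a-z]{{4}})(\d{{{width}}})", login.lower())
    return (m.group(1), int(m.group(2))) if m else None

def next_login_id(prefix, ever_issued, width=5):
    """Return the next login ID for a business unit.

    ever_issued must list every ID ever handed out, including disabled and
    deleted accounts, so a retired ID is never given to a new person.
    """
    prefix = prefix.lower()
    if not re.fullmatch(r"[a-z]{4}", prefix):
        raise ValueError("prefix must be exactly 4 letters")
    parsed = filter(None, (parse_id(i, width) for i in ever_issued))
    used = [n for p, n in parsed if p == prefix]
    # Highest number + 1 rather than the first gap: a gap is a retired account.
    nxt = max(used, default=0) + 1
    if nxt > 10 ** width - 1:
        raise OverflowError(f"{prefix}: {width}-digit range exhausted, widen the counter")
    return f"{prefix}{nxt:0{width}d}"

def guessable_from_email(login, email):
    """True if the login is the mail local part, optionally followed by digits."""
    local = email.split("@", 1)[0].lower()
    return re.fullmatch(re.escape(local) + r"\d*", login.lower()) is not None

# Constructed sample data (hypothetical business-unit codes and accounts).
ISSUED = ["fina00001", "fina00002", "fina00007", "hrxx00001", "FINA00004"]

if __name__ == "__main__":
    new_id = next_login_id("fina", ISSUED)
    print(new_id, guessable_from_email(new_id, "john.smith@example.com"))
    print(guessable_from_email("john.smith123", "john.smith@example.com"))
```
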