We are having a debate about the naming convention of groups in Active Directory. Some want to follow the Microsoft advice to prefix security groups with sg- and distribution lists with dl- etc. Others would prefer to appply a suffix. And there are those who would prefer neither.  i.e.:


  • Prefix groups with sg- (sg-group1)
  • Suffix groups with -sg (group1-sg)
  • no prefix or suffix        (group1)

Those for a prefix argue that it will make searches and ordering of results easier for certain objects. Also Microsoft recommend it so there has to be value in it. Some would compromise and add a suffix. Objects types will still be identifiable but searches  such as *-sg in ADUC won't work. Finally those against both of the above argue that both the icon and the Type column should be enough. Our developers argue that they should be able to query Active Directory for groups which are intuitivly named. As a Sys Admin I agree with this but have reservations about people deciding to use groups without first discussing with the Sys Admins if that group is appropriate to use or not. Like most systems we are reviewing the number of and names of groups because overtime groups develop with similar names.


What naming conventions are used elsewhere and just as important what were your reasons for adopting it?



Views: 2598

Reply to This

Replies to This Discussion

we use TYPE_ROLE_AREA_NAME for ours. For example: DIS_SWDEP_COMPANY_AutoCAD2010_fixed would be a distribution group used for software deployment across the whole company for AutoCAD2010 fixed licence. That's about as big as we get with the names and it's only the software deployment ones that get really long names.


Sharing problems, tips, and experiences in Systems Administration, especially the human side.



  • Add Photos
  • View All


  • Add Videos
  • View All

© 2014   Created by Dan Taylor.   Powered by

Badges  |  Report an Issue  |  Terms of Service