No announcement yet.

AD User management

  • Filter
  • Time
  • Show
Clear All
new posts

  • AD User management

    Hi All!

    I am facing an issue at work at the moment where the second Domain Admin tells me it is a standard that one user has multiple logins if they have multiple roles.

    For instance, I myself am a Domain Admin as well as a Developer, so they are suggesting that I have two accounts,

    A_USER.NAME - for Admin
    D_USER.NAME - for Development.

    They assure me this is a standard and is more secure, and easier to manage.

    Is this really an appropriate and secure way to configure our AD Server?

    Any opinions are more than welcome and I would greatly appreciate any thoughts!

    Kind regards,

  • #2
    Re: AD User management

    It is considered best practice for Administrators to have two user accounts; one standard user account for you normal everyday logon and access to resources (email, file, print) and a second account for use only when performing administrative duties.

    So yes, the second Domain Admin is correct.


    • #3
      Re: AD User management

      Hi JoeQwert,

      Thanks for the quick response. I feel better now having a second opinion on the matter.

      Thanks for your time!

      Should I follow any particular naming standard for the accounts?


      • #4
        Re: AD User management

        i think the standard really depends on your organisation.

        for instance.. i know one place I worked, every person has a standard username, based on the initial of first and last name, and a unique 4 digit number, incremented by one.

        So, I'd have TC0020 for instance.
        If I ever left, that username would never be used again.

        If I got an admin account, I had TC0020_A
        If i had an admin account for a separate domain, I might have TC0020_D for Dev
        and TC0020_T for Test..
        Please do show your appreciation to those who assist you by leaving Rep Point


        • #5
          Re: AD User management

          We used "FirstinitialLastname" for our standard user accounts: jwebster


          "FirstinitialLastinitialAdmin" for our admin accounts: jwadmin.


          • #6
            Re: AD User management

            yet another place, I've got firstnameX - (initial of last name) so I'd have TehC.
            yet for admins, I have ATC

            i think the point I'm makin with this repetition is there's about a bazillion ways to do it..
            Please do show your appreciation to those who assist you by leaving Rep Point