Security Basics mailing list archives

User Naming conventions - Active directory Windows 2003


From: "WALI" <hkhasgiwale () gmail com>
Date: Sat, 9 Feb 2008 22:19:50 +0400


Current scenario:

AD user login name 'firstname.lastname'
user email account: 'firstname.lastname () mail com'
email display name: lastname, firstname

In case of duplicates found within domain:

New AD user login name 'firstname.lastname123'. Old account remains the
same.
(numerical values are added in front of the new user account)
user email account: 'firstname.lastname123 () mail com'
email display name (GAL): lastname, firstname, middle initial (for both old
and new user - mutually agreed)

Disadvantages of current convention:
- Login accounts same as email IDs leads to a situation where looking at
internally published email listing, it's easy to guess user's AD login
account.
- A malicious user can lead someone else's account to a lockout condition by
trying the wrong password 5 times, as that's the 'Account lockout policy'
setting.
- Duplicates are not making sense.

Any advice!!??
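The second disadvantage above (one person burning through another user's five bad-password attempts to lock them out) leaves a recognisable trace: many distinct accounts locked out within minutes, all reported against the same caller computer. The following script is an added example, not code from the original post or the list; it runs over a constructed CSV-style export of lockout events (fields: timestamp, event id, locked-out account, caller computer) and flags any source machine that locks out several different accounts inside a short window. Event id 644 is the Windows 2003 "User Account Locked Out" event and 4740 its Windows 2008+ equivalent; the account and host names in the sample are made up.

```python
# Added example (not from the original post): detect a burst of account
# lockouts coming from one source machine, the pattern produced when someone
# deliberately exhausts other users' bad-password allowance (5 attempts under
# the poster's 'Account lockout policy').
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Fields: timestamp, event id, locked-out account,
# caller computer. 644 = Windows 2003 lockout event, 4740 = Windows 2008+.
# Every account and hostname below is made up for this example.
SAMPLE_LOG = """\
2008-02-09 21:58:12,644,john.smith,WS-FINANCE-03
2008-02-09 22:02:40,644,anna.lee,WS-LAB-17
2008-02-09 22:02:55,644,mark.jones,WS-LAB-17
2008-02-09 22:03:10,644,priya.nair,WS-LAB-17
2008-02-09 22:03:31,644,mark.jones123,WS-LAB-17
2008-02-09 22:03:49,644,omar.hadid,WS-LAB-17
2008-02-09 22:40:05,644,anna.lee,WS-HR-02
"""

LOCKOUT_EVENT_IDS = {"644", "4740"}


def parse_lockouts(text):
    """Parse the CSV-style export into (timestamp, account, source) tuples,
    keeping only lockout events."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, event_id, account, source = line.split(",")
        if event_id not in LOCKOUT_EVENT_IDS:
            continue
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       account.lower(), source))
    return events


def find_lockout_bursts(events, window=timedelta(minutes=5), min_accounts=3):
    """Return {source: sorted accounts} for every caller computer that locked
    out at least `min_accounts` distinct accounts within any `window`-long
    span. A single user mistyping their own password never trips this,
    because it only ever involves one account."""
    by_source = defaultdict(list)
    for ts, account, source in events:
        by_source[source].append((ts, account))

    flagged = {}
    for source, items in by_source.items():
        items.sort()
        hits = set()
        start = 0
        # Sliding window over the time-ordered lockouts from this source.
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            in_window = {acct for _, acct in items[start:end + 1]}
            if len(in_window) >= min_accounts:
                hits |= in_window
        if hits:
            flagged[source] = sorted(hits)
    return flagged


def suspicious_sources(text=SAMPLE_LOG):
    """Convenience entry point: parse the export and report flagged sources."""
    return find_lockout_bursts(parse_lockouts(text))


if __name__ == "__main__":
    for source, accounts in suspicious_sources().items():
        print(f"{source}: locked out {len(accounts)} accounts: {', '.join(accounts)}")
```

On the sample, only WS-LAB-17 is reported: five different accounts (including a 'name123' duplicate-convention account) locked out from it in just over a minute, while the isolated lockouts from the other two machines are ignored. The same grouping works on a real export of 644/4740 events; the caller computer field is what makes the deliberate case separable from ordinary forgotten passwords.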

