Security Basics mailing list archives
User Naming conventions - Active directory Windows 2003
From: "WALI" <hkhasgiwale () gmail com>
Date: Sat, 9 Feb 2008 22:19:50 +0400
Current scenario:
AD user login name: 'firstname.lastname'
user email account: 'firstname.lastname () mail com'
email display name: lastname, firstname

In case of duplicates found within domain:
New AD user login name: 'firstname.lastname123'. Old account remains the same. (numerical values are added in front of the new user account)
user email account: 'firstname.lastname123 () mail com'
email display name (GAL): lastname, firstname, middle initial (for both old and new user - mutually agreed)

Disadvantages of current convention:
- Login accounts being the same as email IDs leads to a situation where, looking at the internally published email listing, it's easy to guess a user's AD login account.
- A malicious user can lead someone else's account to a lockout condition by trying a wrong password 5 times, as that's the 'Account lockout policy' setting.
- Duplicates are not making sense.

Any advice!!??