User and Group Management
62
NAS 1500s and 500s Administration Guide
Additional information about planning for domain environments can be found at:
http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
The configuration of the domain controller is reflected on the NAS server because it obtains
user account information from the domain controller when deployed in a domain environment.
As mentioned previously, the server cannot act as a domain controller itself.
User and group name planning
Effective user and group management is dependent upon how well the user and group names
are organized. Administrators typically create a small number of groups on the network and
then assign users to the appropriate group or groups. File system and share permissions can
then be applied at the group level, rather than at the user level. If the number of groups is
small, assigning the appropriate permissions to selected group, or groups, is more efficient
than assigning permissions to each user.
Although each organization has specific conventions, following general guidelines makes
administration simpler and more efficient. Because CIFS/SMB is dependent on users and
groups to grant appropriate access levels to file shares, CIFS/SMB administration benefits
from a consistent user and group administration strategy.
Managing user names
Usernames should reflect a logical relationship between the username and the person who uses
the account. It is important that rules are established to ensure that usernames are:
■
Systematic
■
Easy to follow and implement
■
Easy to remember
Using a combination of the user's first name, middle initial, and last name results in systematic
usernames for every member of a particular organization. Common examples include:
■
First initial followed by last name (jdoe for John Doe)
■
First initial followed by middle initial and last name (jqpublic for John Q. Public)
■
First name followed by last name, separated by a period (john.smith for John Smith)
■
Last name followed by first initial (doej for Jane Doe)
Guidelines must be in place for instances when two users have the same initials or name. For
example, a number can be added to the end of the username (jdoe1 and jdoe2).
Other conventions can be applied. Just ensure that conventions are both systematic and
consistent.