Recommendations for Active Directory object naming

Microsoft publishes best practice guidance under the general heading of Microsoft Solutions for Management. All of these best practices are based on the Microsoft Operations Framework (MOF), which includes guidelines on how to plan, deploy, and maintain IT operational processes in support of mission-critical service solutions.

Within this guidance is the Account Management for Windows Server 2003 Solution Accelerator, specifically the User and Location Management Guide, which contains conceptual information, best practices, and detailed procedures for creating, changing, or deleting user accounts and physical locations. The last chapter of this document sets out some Active Directory object naming conventions, which are actually quite restrictive. Basically the only allowed characters are:

  • Uppercase letters A…Z
  • Lowercase letters a…z
  • Numbers 0…9
  • ä (= ae), Ä (= AE)
  • ö (= oe), Ö (= OE)
  • ü (= ue), Ü (= UE)
  • ß (= ss)
  • Underscore (_)
  • Minus sign (-)

Interestingly, no mention is made of other accented characters (e.g. ç or é).

I came across this whilst researching issues with Group Policy Management Console (GPMC) scripts producing errors when certain non-alphanumeric characters were parsed, but as general advice and guidance, adhering to these standards should be seriously considered, even though various AD management tools allow other characters to be used.
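A check for the character list above, as an added example that is not taken from the Microsoft guide or from this post. The function name `Test-AdObjectName` and the sample names are hypothetical, and it assumes the umlauts and ß are themselves allowed, with the bracketed spellings giving the plain-ASCII form of a name.

```powershell
# Added example. Assumption: the umlauts and sharp s are allowed as listed, and
# the bracketed spellings (ae, OE, ss ...) are the plain-ASCII form of the name.
function Test-AdObjectName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Name
    )
    begin {
        # Case-sensitive map keyed by code point. A hashtable literal would treat
        # the upper- and lower-case umlauts as duplicate keys, and code points
        # survive a script file saved in the wrong encoding.
        $map = [System.Collections.Generic.Dictionary[char,string]]::new()
        $map.Add([char]0x00E4, 'ae'); $map.Add([char]0x00C4, 'AE')   # a-umlaut
        $map.Add([char]0x00F6, 'oe'); $map.Add([char]0x00D6, 'OE')   # o-umlaut
        $map.Add([char]0x00FC, 'ue'); $map.Add([char]0x00DC, 'UE')   # u-umlaut
        $map.Add([char]0x00DF, 'ss')                                 # sharp s
    }
    process {
        $ascii    = [System.Text.StringBuilder]::new()
        $rejected = [System.Collections.Generic.List[string]]::new()
        foreach ($c in $Name.ToCharArray()) {
            if ($map.ContainsKey($c)) {
                [void]$ascii.Append($map[$c])
            }
            elseif ([string]$c -cmatch '^[A-Za-z0-9_-]$') {
                [void]$ascii.Append($c)
            }
            else {
                # Include the code point so look-alike or invisible characters can be identified.
                $rejected.Add(('{0} (U+{1:X4})' -f $c, [int]$c))
            }
        }
        [pscustomobject]@{
            Name      = $Name
            Compliant = ($rejected.Count -eq 0)
            AsciiForm = if ($rejected.Count -eq 0) { $ascii.ToString() } else { $null }
            Rejected  = $rejected -join ', '
        }
    }
}

# Constructed sample names (not from the guide).
$samples = @(
    'GPO-Workstations_01'
    'M' + [char]0x00FC + 'ller_Admins'
    'Fran' + [char]0x00E7 + 'ois-PC'
    'Sales Team (EU)'
)
$samples | Test-AdObjectName | Format-Table -AutoSize
```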
