Active Directory Naming Formats - protege987/Active-Directory-Domain-Services GitHub Wiki
Introduction
Let's learn about Active Directory naming.
Computer names
NetBIOS computer names
NetBIOS computer names can contain alphanumeric characters except for the extended characters that appear in the Disallowed characters list. Names can contain a period, but names can't start with a period. Due to a DNS restriction, computers that are members of an AD domain can't have names that contain only numbers.
Name length
A name has to be between 1 and 15 characters long. The 16th character of a NetBIOS computer name is reserved for identifying the functionality that is installed on the registered network device. There is a list of reserved names here (https://learn.microsoft.com/en-US/troubleshoot/windows-server/active-directory/naming-conventions-for-computer-domain-site-ou#table-of-reserved-words).
NetBIOS
How does NetBIOS register? When a client machine boots up, it broadcasts its NetBIOS information to all machines on the network. If another client on the network already has the name, it responds with a broadcast that it has already registered the NetBIOS name, and the new machine stops trying to register. If no other machine on the network responds, the client finishes the process.
Scope ID
This is used as an extended naming service for the NetBIOS over TCP/IP (known as NBT) module. Its purpose is to keep all the traffic with the same NetBIOS scope ID together, isolating it. The scope is a character string that is added to the NetBIOS name. The scope IDs on two hosts must match or else they can't communicate. Two hosts can have the same NetBIOS name with two different scope IDs, because adding the scope makes the name unique.
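The 16th-byte suffix and the scope ID described above, shown as an added example (not code from this wiki): RFC 1001 first-level encoding pads the name to 15 bytes with spaces, appends the suffix byte, and attaches the scope after a period. The function names are hypothetical, names are assumed to be ASCII, and the suffix values 0x00 (Workstation service) and 0x20 (Server service) come from Microsoft's NetBIOS suffix documentation rather than this page.

```python
# Added example: NetBIOS first-level name encoding (RFC 1001, section 14.1).
NAME_LEN = 15          # usable characters; byte 16 is the service suffix
WORKSTATION = 0x00     # suffix values: assumption, not listed on this page
FILE_SERVER = 0x20


def encode_netbios_name(name: str, suffix: int = WORKSTATION, scope: str = "") -> str:
    """Return the 32-character encoded name, plus '.scope' when a scope is set."""
    if not 1 <= len(name) <= NAME_LEN:
        raise ValueError("NetBIOS name must be 1-15 characters")
    if name.startswith("."):
        raise ValueError("NetBIOS name can't start with a period")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    # Windows registers names in upper case; pad to 15 bytes, then add byte 16.
    raw = name.upper().encode("ascii").ljust(NAME_LEN, b" ") + bytes([suffix])
    # Each byte becomes two letters: 'A' + high nibble, 'A' + low nibble.
    encoded = "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)
    return f"{encoded}.{scope}" if scope else encoded


def decode_netbios_name(wire: str):
    """Return (name, suffix, scope) from an encoded name."""
    encoded, _, scope = wire.partition(".")
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    nibbles = [ord(c) - 0x41 for c in encoded]
    raw = bytes((hi << 4) | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))
    return raw[:NAME_LEN].decode("ascii").rstrip(" "), raw[NAME_LEN], scope


if __name__ == "__main__":
    # Constructed sample values: same name, different suffix or scope.
    for suffix, scope in [(WORKSTATION, ""), (FILE_SERVER, ""),
                          (FILE_SERVER, "NETBIOS.COM"), (FILE_SERVER, "LAB")]:
        wire = encode_netbios_name("FRED", suffix, scope)
        print(f"{wire:<46} -> {decode_netbios_name(wire)}")
```

The last two sample rows encode the same name and suffix but differ after the first period, which is why hosts in different scopes never see each other's registrations as a conflict.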
DNS host names
Allowed characters: alphabetic characters (A-Z), numeric characters (0-9)
Excluded: minus sign (-); period (.), used to delimit the components of domain-style names
The underscore has a special role as the first character in SRV records. The DNS host name registration process substitutes a hyphen (-) character for invalid characters.
DNS name length
The FQDN of a DC must be smaller than 155 bytes. Length: 2 - 63 characters.
Windows doesn't permit computer names that exceed 15 characters, and you can't specify a DNS host name that differs from the NetBIOS host name.
Domain names
NetBIOS domain name
NetBIOS domain names can contain alphanumeric characters except for the extended characters that appear in the Disallowed characters list. Names can contain a period, but names can't start with a period. If you're upgrading a computer whose NetBIOS name contains a period, change the name by migrating the domain to a new domain structure. Don't use periods in new NetBIOS domain names. The ampersand (&) character in NetBIOS domain names was allowed previously and is supported for historical purposes only. Don't create new Active Directory domains whose NetBIOS domain names contain ampersand (&) characters.
Name length
Same as above: 1 - 15 characters; the 16th character is reserved for the registered network device.
The use of NetBIOS scopes in names is a legacy configuration. It shouldn't be used in Active Directory forests. This is not an inherent problem. However, some applications might filter the name and assume a DNS name if a period is found.
DNS domain names
Similar rules to those for DNS host names apply.
OU names
Allowed characters: all characters are allowed, even extended characters. Lightweight Directory Access Protocol (LDAP) doesn't have any restrictions because the CN of the object is put into quotation marks.
Disallowed characters: none
Name length
1 - 64 characters
Special issues for OUs
Extensible Storage Engine (ESE)
Sources:
- http://support.microsoft.com/kb/909264
- https://blog.schertz.name/2012/08/understanding-active-directory-naming-formats/
- https://learn.microsoft.com/en-US/troubleshoot/windows-server/active-directory/cannot-add-user-object-differ-by-diacritic-mark-character
- https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nbte/6f06fa0e-1dc4-4c41-accb-355aaf20546d
- https://learn.microsoft.com/en-US/troubleshoot/windows-server/active-directory/naming-conventions-for-computer-domain-site-ou#table-of-reserved-words
- https://www.giac.org/paper/gsec/1468/netbios-file-sharing-security-windows/102749
- https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc959336(v=technet.10)
- https://learn.microsoft.com/en-US/troubleshoot/windows-server/active-directory/naming-conventions-for-computer-domain-site-ou#disjointed-namespaces
- https://learn.microsoft.com/en-us/windows/win32/extensible-storage-engine/extensible-storage-engine
- https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/deep-dive-active-directory-ese-version-store-changes-in-server/ba-p/400510
- https://learn.microsoft.com/en-us/archive/blogs/askds/the-version-store-called-and-theyre-all-out-of-buckets