Server Management
Group Naming Convention Standard
Last modified 5/25/2023
Group Naming Conventions
A group would follow the naming convention outlined below:
- The group name will be all lower case.
- This would help keep consistency for systems that are case sensitive.
- The only use of the underscores ("_") will be to separate out group naming components.
- Example - app_confluence_space_tsendpointsupport_members
- No space (" ") characters.
- Groups should have a prefix that begins with the group types that are listed below.
- No departmental/team prefixes
Group Types
- Application Groups (app_)
Used For
Application related groups
Grouper Group Type
Access Policy Group - Published to All Directories
Group Naming Components
Structure
[Prefix]_[Application]_[Configuration]_[Sub-Configuration]_[Sub-Configuration Cont]
Prefix
"app"
Application
Name of the application
Configuration
Setting / Role Based Access Control object / configuration inside of the receiving application
Sub-Configuration
Subsequent settings / Role Based Access Control objects / configurations of the previous setting. You can continue Sub-Configurations if more than one is needed using underscores.
Examples
app_confluence_space_tsendpointsupport_members
app_configmgr_adminusers_tsendpointsupport_read
app_dfs_namespace_admin
app_jamf_access_site_atendpointsupport_administrator
app_jamf_access_site_atendpointsupport_auditor
app_jamf_access_full_auditor
- Email Groups (email_)
Used For
Distribution lists, shared mailboxes, rooms, and equipment in Exchange Online
Grouper Group Type
Access Policy Group - Published to Azure AD
Group Naming Components
Structure
[Prefix]_[EmailObject]_[Configuration/Address/Name]_[Address]
Prefix
"email"
EmailObject
Distribution List - "dist"
Shared Mailbox - "mailbox"
Room - "room"
Equipment - "equipment"
Configuration / Address / Name
The type of configuration for the email object (example: "sendas") or the beginning of the email address or object name
Address
If a configuration component was set, then the address would come after.
Examples
email_dist_tsccastaff
email_dist_sendas_tsccastaff
email_mailbox_tsevents
email_room_jh301
email_equipment_tscheckoutlaptop1
- File Server Access Groups (file_)
Used For
Access to file server shares and ACLs on network folders
Grouper Group Type
Access Policy Group - Published to All Directories
Group Naming Components
Structure
[Prefix]_[ServerName]_[ShareName]_[Folder]_[Permission]
Prefix
"file"
ServerName
The name of the server that is hosting the share or network folder.
ShareName
The name of the share on the server.
Folder
If there is a folder in the share that has different permissions than the share. Mostly used in large shares with access-based enumeration.
Permission
Type of permission granted in the ACL.
Read or Read/Execute - "r"
Read/Write - "rw"
Full Control - "full"
List/Create - "lc" (Commonly found in User Folder Redirection)
Examples
file_atscanfiles01_scans_jh205mfp_rw
file_atfileserver04_folders_cca_r
file_tscmsite07_tools_full
- Microsoft 365 Groups (m365_)
Used For
Microsoft 365 groups (aka Unified groups)
Grouper Group Type
Access Policy Group - Published to Azure AD
Group Naming Components
Structure
[Prefix]_[Type]_[Name]
Prefix
"m365"
Type
Course Sections - "course" (See below section - "School Data Sync")
Projects - "project"
Team/Department/Private Group - "team"
Public Groups / Users Groups / Gatherings - "public"
Sharepoint Sites - "sharepoint"
Name
Name of the Microsoft Teams' Team.
Examples
m365_project_10221organizead
m365_project_20292selfservicegrouper
m365_team_tscca
m365_team_tsuc
m365_team_tsoiam
m365_team_isuitstaff
m365_public_ansibleusergroup
m365_public_grouperusergroup
m365_public_isurobotlunch
m365_sharepoint_sharepointname
School Data Sync
Teams are created by the Microsoft School Data Sync tool, will have an exemption from the naming standard, per technical limitations.
- Printer Access Groups (print_)
Used For
Access to printers and print queues
Grouper Group Type
Access Policy Group - Published to All Directories
Group Naming Components
Structure
[Prefix]_[ServerName]_[PrinterName](_[Queue])
Prefix
"print"
ServerName
The name of the server that is hosting the printer.
PrinterName
The name of the printer.
Queue
If the printer has multiple queues, you should append the queue name.
Mono/Black & White - "black"
Color - "color"
Examples
print_tsprint08a_jh206copier_black
print_tsprint08a_jh206mfp_color
print_tsprint08a_jh111printer
print_tsprint08b_jh001plotter
- Reference Groups (ref_)
Used For
Creating population sets in Grouper to then be used in other groups for membership. To replace traditional "role" types of groups.
Grouper Group Type
Reference Group - Internal to Grouper, Not Published to the Directories
Group Naming Components
Structure
[Prefix]_[Department]_([Team])_[Type]_[SubType]
Prefix
"ref"
Department
Team
Type
employeestudent
affiliate
Sub Type
primary
privileged
emulator
work - Only applies to type "student"
Examples
ref_techsolutions_oiam_student_work
ref_techsolutions_oiam_student_privileged
ref_techsolutions_oiam_student_primary
ref_techsolutions_oiam_employee_privileged
ref_techsolutions_oiam_employee_primary
ref_techsolutions_oiam_employee_emulator