We are having issues with namespace conflicts. An example:
Network Admins is used by AD-aware applications for access controlNetwork Admins was going to be used for the Exchange shared calendar for the same group but the name conflicted with the existing security group.How are people handling this? Our first thought was adding suffixes (Network Admins SG vs. Network Admins SC). Not sure if there's a better practice.
Lots of organizations have concepts of different types of groups, eg. "access" groups, "restriction" groups, "distribution" groups (should be using OUs, but whatever), and "configuration" groups, in addition to application-specific groups. They have a prefix for each; for instance, a group that causes the login script to map a particular site's network shares might be called C_SRV_SITE0123456, while one that gives them read/write access to some application might be E_ExchangeCal_RW. In this case all groups are prefixed and the account naming scheme does not include prefixes, so that they will never collide.
It doesn't really matter how you do this, but it can make searching easier. Technically it de-normalizes your AD database, but that is a DBA topic and probably not important.
