Versions Compared

Version Old Version 4 New Version 5
Changes made by

Alex Barth

Geoff Nelson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel1
outlinefalse
typeflat
separatorbrackets
printabletrue

Overview

There are two types of accounts in the Austin Active Directory:

  • EID-based accounts are synced from the uTexas Identity Manager (TIM)

  • Department User and Department Service accounts are managed in the Department User Tools

EID-Based Accounts

Which EID-based accounts

are enabled

exist in Austin Active Directory?

In order to be enabled, the EID must have an Active logon status in the EID system AND EIDs with one of the following Affiliations or Entitlements are present in Austin Active Directory:

Affiliations

Current Faculty

Future Faculty

Current Staff

Future Staff

Current Student

Future Student

University Affiliate

University Extension Participant

Official Visitor

Entitlements

AAD

EML

LLC

LLT

LLV

LLG

LLS

CWU

OLL

An EID-based account will remain in Active Directory until all of the conditions are met for it to be removed.

When an EID-based account has one of the affiliations or entitlements listed above, its Primary Group will be Domain Users.

When an EID -based account does not have one of the affiliations listed above, its Primary Group will be Domain Guests. It will remain in Domain Guests until it has an affiliation or entitlement listed above, or it is removed from Active Directory.

Members of the Domain Guests group are (by default) not able to authenticate to Windows and Mac computers joined to the domain. Linux computers joined to the domain must take additional steps to prevent them from being used on them.

Which EID-based accounts are enabled in Austin Active Directory?

In order to be enabled, the EID must have an Active logon status in the EID system. If it is disabled or flagged to require a password change in the EID system, it will be disabled in Active Directory.

Are EID-based accounts removed from Austin Active Directory?

EID-based accounts are removed from Austin Active Directory when all of the following conditions are true:

  • The EID does not have an Office365 mailbox

  • The EID does not have one of the required affiliations or entitlements

  • The EID has the Inactive logon status OR is set to require a password change in the EID system

  • The EID has not logged into Austin Active Directory for at least 15 months

  • The EID is disabled in Austin Active Directory

Department User and Service Accounts

Department OU owners can create Department User and Service accounts on the Department User Tools.

Refer to the Department User Tools documentation for more information on the creation and management of Department accounts.