Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 9 Next »

The Austin Active Directory Department User Tools are used to manage a Department's user accounts using a convenient and easy to use web interface.

There are three roles within the tool: Department OU Owner, Account Assignee, and Account Claimant.

RoleAvailable ActionsHow Someone Falls into Scope of the Role


When a Department OU is created, the requestor provides a list of the initial OU Owners.

Department OU Owners can edit (add/remove) owners of the Department OU.

If a Department falls in the scenario where there are no valid OU Owners (for example, all of the owners are former staff), the owners can be updated by one of the following processes:

  • The Head of the Department submits a request to the AD team, specifying the EIDs of the new OU Owners.
  • IT staff member from the department contacts the ISO who will review it and then submit a request to the AD team, specifying the EIDs of the new OU Owners.


Department OU Owners will specify the assignee(s) of a User Account when creating it, and can modify assignees at any time.

Note that a user account can have only one assignee (it is intended to be used by a single person) while a service account can have one or more assignees.


An assignee of a user account who has claimed it.

Add a Department OU Owner OU OWNER

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the OU Owners section, click on Edit OU Owners.
  3. Select the desired Department OU from the Select a Department OU drop down list.
  4. The current Department OU owners will be shown under Current OU Owners.
  5. Enter the EID of the new Department OU Owner.
  6. Optionally check the Exact Match checkbox if you have entered the exact EID to search on.
    (For example, when searching abc1 with the checkbox unchecked, the search results will include abc1, abc12, abc123, etc.).
  7. Click the Check Names button.
  8. Select the appropriate user in the Search Results.
  9. Click the Add New Owner button.

Remove a Department OU Owner OU OWNER

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the OU Owners section, click on Edit OU Owners.
  3. Select the desired Department OU from the Select a Department OU drop down list.
  4. The current Department OU owners will be shown under Current OU Owners.
  5. Select the owner to be removed and click the Remove Selected Owner button.

Add a Department OU Administrator OU OWNER

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the OU Owners section, click on Edit OU Administrators.
  3. Select the desired Department OU from the Select a Department OU drop down list.
  4. The current Department OU Administrators will be shown under Current OU Admins.
  5. Enter the user name of the Departmental User that you want to be added as a Department OU Administrator.
  6. Optionally check the Exact Match checkbox if you have entered the exact user name to search on.
    (For example, when searching its-abc1 with the checkbox unchecked, the search results will include its-abc1, its-abc12, its-abc123, etc.).
  7. Click the Check Names button.
  8. Select the appropriate user in the Search Results.
  9. Click the Add New Admin button.

Remove a Department OU Administrator OU OWNER

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the OU Owners section, click on Edit OU Administrators.
  3. Select the desired Department OU from the Select a Department OU drop down list.
  4. The current Department OU Administrators will be shown under Current OU Admins.
  5. Select the Admin to be removed and click the Remove Selected Admin button.

Create User OU OWNER

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the User Accounts section, click on Create User.
  3. Select the desired Department OU from the Select a Department OU drop down list.
  4. Under User Name enter the user name for the new user that you are creating. Note that the user name is automatically prefixed with the Department OU Name followed by a dash.
    (You do not need to enter the DEPT- prefix when setting the user name.)
  5. Select the account type: User or Service.
  6. Select whether you want to Self-Claim the new User account.
    Select Yes if you want to claim the new user for your own use.
    Select No if you are creating this new user for someone else and want to assign it to them.
  7. Optionally provide a description for the new user under Account Description.
    This is optional but highly recommended. You can note who/what the new account is being created for.
    (For Example: Bobby Bevo's Admin Account or Service Account for running SQL Server on staff portal server)
  8. If you opted to self-claim the account, you will set the password.
    For password requirements, refer to Password Requirements for Active Directory Department Accounts.
  9. If you did not self-claim the account, you will set the assignee(s).
    Note that a user account can have only one assignee (it is intended to be used by a single person) while a service account can have one or more assignees.
    • Under Enter the assignee EID, enter the EID of the person you are assigning the new account to
    • Optionally check the Exact Match checkbox if you have entered the exact EID to search on.
      (For example, when searching abc1 with the checkbox unchecked, the search results will include abc1, abc12, abc123, etc.).
    • Click the Check Names button.
    • Select the desired user in the Search Results.
    • Click the Add Selected Assignee button.
  10. Click the Create User button

Delete User OU OWNER

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the User Accounts section, click on Delete User
  3. Select the desired Department OU from the Select a Department OU drop down list.
  4. Select the desired user from the Current OU Users.
  5. Click the Delete User button.
  6. Click the Confirm Delete button.

Enable/Disable a User OU OWNER

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the User Accounts section, click on Set Status/Description.
  3. Select the desired Department OU from the Select a Department OU drop down list.
  4. Select the user from the list of Current OU Users.
  5. Click on the Enable User or Disable User button.

Set Description of User OU OWNER

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the User Accounts section, click on Set Status/Description.
  3. Select the desired Department OU from the Select a Department OU drop down list.
  4. Select the user from the list of Current OU Users.
  5. Set or update the description for the user.
  6. Click the Set Description button.

Change Assignees of User OU OWNER

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the User Accounts section, click on Change Assignees.
  3. There are two ways to search for a Department User to change the assignee of:
    • Under Search for Account Assignees, select one of the search options.
      • Search for Accounts with no assignees, that have not been claimed, are claimed by an EID no longer affiliated with the University, or assigned to a specific EID.
      • Click the Start Search button.
      • Give the search some time to run.  Once it has completed, you will see the number of accounts that were returned by the search and the Search Results drop down list will be populated.  Select a User Account from this list.
        Selecting a user from this list will add it to the Select an Account drop down list under Change Account Assignees.
    • Under Change Account Assignee, select a Department OU and User within the selected Department OU
      • Select the desired Department OU from the Select a Department OU drop down list.
      • Select the desired Department User Account from the Select an Account drop down list.
  4. With the desired Department User Account selected under Change Account Assignees, you can add/remove its assignees.
    If the Account is a User Account, you will need to remove the existing assignee before adding a new assignee.  This is because a user Account can only have one assignee.
    A service Account can have one or more assignees.
  5. To remove an assignee:
    • Select the assignee under Current Assignees.
    • Click the Remove Selected Assignee button.
  6. To add an assignee:
    • Enter the EID of the new assignee.
    • Optionally check the Exact Match checkbox if you have entered the exact EID to search on.
      (For example, when searching abc1 with the checkbox unchecked, the search results will include abc1, abc12, abc123, etc.).
    • Click the Check Names button.
    • Select the appropriate user in the Search Results.
    • Click the Add Assignee button.

Show OU Users OU OWNER

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the User Accounts section, click on Show OU Users.
  3. Select the desired Department OU from the Select a Department OU drop down list.
  4. All of the Department Users will be shown under Current OU Users.
    You can optionally apply a filter by selecting an option below the list of users: Show All, Show Unclaimed, Show Disabled.
  5. You can click on a Department User to view its details.

Add an SPN to a Service Account ACCOUNT ASSIGNEE

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the Service Principal Names section, click on Change SPN.
  3. Select the desired Service Account from the list of Service accounts assigned to you.
  4. Enter a new SPN under Enter new SPN.
  5. Click the Add SPN button.

    Note that SPNs must be unique within a domain.
    If you try to set an SPN that is already in use, you will see Sorry, that SPN is already in use by another account.
    If you are unsure which account already has a SPN set on it, you can use the following PowerShell command:
    Get-ADObject -Filter { servicePrincipalName -eq "https/test:443" }
    replacing https/test:443 with the actual SPN.
    The SPN will need to be removed from the account it is currently set on before you can add it to another account.

Remove an SPN from a Service Account ACCOUNT ASSIGNEE

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the Service Principal Names section, click on Change SPN.
  3. Select the desired Service Account from the list of Service accounts assigned to you.
  4. Select the desired Service Account from the list of Service accounts assigned to you.
  5. Select the SPN that you want to remove under SPNs on the service account.
  6. Click the Remove Selected SPN button.


  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the Account Claiming section, click on .
  3. Select the desired Department OU from the Select a Department OU drop down list.
  4. Select the desired account from the list of Accounts assigned to you.
    You can filter the list of accounts shown to you by using the options below the list of accounts: Show only unclaimed accounts, Show all assigned accounts.
  5. To claim the account while keeping the existing password, check the box labelled Keep existing password.
  6. To claim the account while setting a new password, uncheck the box labelled Keep existing password.
    Enter the new password and confirm the new password.
    For password requirements, refer to KB0019439.
  7. Click the Claim this Account button.

Change User Password ACCOUNT CLAIMANT

  1. Log into the Department User Tools on
  2. From the menu on the left side of the page, under the Account Claiming section, click on Change Account Password.
  3. Select the desired account from the list of Accounts claimed by you.
  4. Enter the new password and confirm the new password.
  5. Click the Set Password button.
  • No labels