Accounts in Austin Active Directory

Overview

There are two types of accounts in the Austin Active Directory:

  • EID-based accounts are synced from the uTexas Identity Manager (TIM)

  • Department User and Department Service accounts are managed in the Department User Tools

EID-Based Accounts

Which EID-based accounts exist in Austin Active Directory?

EIDs with one of the following Affiliations or Entitlements are present in Austin Active Directory:

Affiliations

  • Current Faculty

  • Future Faculty

  • Current Staff

  • Future Staff

  • Current Student

  • Future Student

  • University Affiliate

  • University Extension Participant

  • Official Visitor

Entitlements

  • AAD

  • EML

  • LLC

  • LLT

  • LLV

  • LLG

  • LLS

  • CWU

  • OLL

An EID-based account will remain in Active Directory until all of the conditions are met for it to be removed.

When an EID-based account has one of the affiliations or entitlements listed above, its Primary Group will be Domain Users.

When an EID-based account no longer has any of the affiliations listed above, its Primary Group will be Domain Guests. It will remain in Domain Guests until it has an affiliation or entitlement listed above, or it is removed from Active Directory.

Members of the Domain Guests group are (by default) not able to authenticate to Windows and Mac computers joined to the domain. Administrators of Linux computers joined to the domain must take additional steps to prevent Domain Guests accounts from being used on those computers.

Which EID-based accounts are enabled in Austin Active Directory?

In order to be enabled, the EID must have an Active logon status in the EID system. If it is disabled or flagged to require a password change in the EID system, it will be disabled in Active Directory.
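One way to audit for accounts that a Linux host should refuse, covering both the Domain Guests case and the disabled case described above. This is an added example, not code from the original page or from the service it describes. It assumes accounts have been exported as LDIF with the standard AD attributes primaryGroupID and userAccountControl; the entries, account names and DNs are constructed.

```python
DOMAIN_GUESTS_RID = 514        # well-known RID of Domain Guests (Domain Users is 513)
UAC_ACCOUNTDISABLE = 0x0002    # userAccountControl bit set on disabled accounts
# Constructed LDIF sample; account names and DNs are invented for illustration.
SAMPLE_LDIF = """\
dn: CN=abc123,OU=People,DC=example,DC=edu
sAMAccountName: abc123
primaryGroupID: 513
userAccountControl: 512

dn: CN=def456,OU=People,DC=example,DC=edu
sAMAccountName: def456
primaryGroupID: 514
userAccountControl: 512

dn: CN=ghi789,OU=People,DC=example,DC=edu
sAMAccountName: ghi789
primaryGroupID: 513
userAccountControl: 514
"""

def parse_ldif(text):
    """Split LDIF text into one dict per entry (single-valued attributes only)."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.split(": ", 1) for line in block.splitlines() if ": " in line)
        entry = {key: value.strip() for key, value in pairs}
        if entry:
            entries.append(entry)
    return entries

def deny_reason(entry):
    """Return why this account should be refused, or None if it may log in."""
    try:
        uac = int(entry["userAccountControl"])
        primary_gid = int(entry["primaryGroupID"])
    except (KeyError, ValueError):
        return "missing or malformed attributes"   # fail closed
    if uac & UAC_ACCOUNTDISABLE:
        return "disabled"
    if primary_gid == DOMAIN_GUESTS_RID:
        return "primary group is Domain Guests"
    return None

def audit(text):
    """Map sAMAccountName to the deny reason for each entry that is refused."""
    reasons = {e.get("sAMAccountName", "?"): deny_reason(e) for e in parse_ldif(text)}
    return {name: why for name, why in reasons.items() if why}

if __name__ == "__main__": print(audit(SAMPLE_LDIF))
```

On hosts that use SSSD (an assumption; the page does not name a mechanism), the Domain Guests condition can be expressed as the LDAP filter (!(primaryGroupID=514)) in ad_access_filter.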

Are EID-based accounts removed from Austin Active Directory?

EID-based accounts are removed from Austin Active Directory when all of the following conditions are true:

  • The EID is disabled, and therefore the account is disabled in Austin Active Directory

  • The account has been disabled in Active Directory for at least 15 months (or was never enabled)

  • The account no longer has any of the affiliations or entitlements that would make it show up in Active Directory (listed above)

  • The account does not have an M365 mailbox

  • The account has not authenticated against Austin Active Directory for at least 15 months

Because the EID must be disabled (which occurs after 15 months of inactivity in the EID system) and the account must have been disabled in Active Directory for 15 months, an account will not be removed until it has been inactive for 2.5 years (30 months).

Department User and Service Accounts

Department OU owners can create Department User and Service accounts in the Department User Tools.

Refer to the Department User Tools documentation for more information on the creation and management of Department accounts.