How AD Accounts are Created for New Employees and Students

Summary

Process for a new employee (or student) with regards to the creation of their Active Directory (AD) account.

Body

Example of an Issue: A student was just trying to login before there account was complete and encountered errors which prompted the student to call the Help Desk

 

Steps-to-Take:

  • Colleague creates New Employee and Student Accounts in AD.
    1. In OU CWI > Locations > NewAccounts, and student accounts in OU CWI > Student > NewStuAccounts
    2. These accounts are incomplete and remain here for up to an hour until a PowerShell script is run once an hour
    3. When the PowerShell script runs, it moves the account to the final OUs we all know and love and fills in other needed information on the AD account
    4. At this point, the AD account is usable and should be able to have its password reset on the logonhelp page.
    5. If it’s in either of the new account OUs, logonhelp and techs don’t have permissions to change the password.
      • Nor would we want to change the password as these accounts aren’t ready to use.
    6. Though the AD accounts are complete once the script moves them over…
      • Other items will still take time to setup
        • Email, my.cwi.edu access​​​​​​​, BlackBoard access, Etc.
          • They still have scripts that need to be run and syncing that needs to be completed.
        • Most things will be ready in a couple of hours after the AD account is complete, but a few items take up to 24 hours to complete.

IMPORTANT!: There are a couple of places you can check to see if the account is brand new or still being created​​​​​​​:

  • If it’s in OU CWI > Locations > NewAccounts or OU CWI > Student > NewStuAccounts:
    • The account is still being created
    • An account shouldn’t be in here for more than an hour
      • If it is, something is messed up and you contact the System Admins and ask them to investigate (showing picture of where you would see the “NewAccounts” OU.
  • Check the creation date on the account:
    1. This can be done in Active Directory Administrative Center
    2. Open the User's Account
    3. click the "More Information" arrow in the bottom left corner of the account
    4. "Created" is the creation date of the AD account.
      • If it’s less than 24 hours old, give it more time to complete the creation of the account.

Uploaded Image (Thumbnail)


 

  • NOTE: There are other important information bits found here that are VERY HELPFUL to the Help Desk Techs including:
    • When the account was created (date and time)
    • Object (OU / Canonical Name)
      • Where the “NewAccounts” OU can be found.
    • Last logon date and time
    • Last bad logon date and time
    • Password last set

Uploaded Image (Thumbnail)

Other indicators that account creation may not be complete.

  1. The User UPN logon is @mycwi.cc or @cwidaho.cc.

Uploaded Image (Thumbnail)

  1. There is no employee\student ID listed in Description
    • ​​​​​​​NOTE: Other fields under the General Tab may be empty and missing information​​​​​​​​​​​​​​

Uploaded Image (Thumbnail)

  1. Group membership is missing const-student or const-employee.

Uploaded Image (Thumbnail)

  1. Other standard information is missing from the AD account.
  2. There is no mailbox created in O365 (
    • NOTE: Only the TSS’s will be able to verify this.

Details

Details

Article ID: 174
Created
Fri 5/26/23 1:18 PM
Modified
Wed 7/12/23 1:15 PM