This document discusses how to set up accounts in the campus Active Directory.
There are two types of accounts you will be working with: campus user accounts (Kerberos accounts), and local OU accounts. In this document, we will be looking at campus user accounts, and how they are propagated from the centralized campus computing accounts system (http://computingaccounts.ucdavis.edu) to the campus Active Directory.
1. IMAD Permit
a. User Added Account Service Permit
b. Back Fill (Migration Only)
c. Account Proxy
2. ADSP Permit
a. User Added Account Service Permit
b. Changing your ADSP password
c. Back Fill (Migration Only)
IMAD PERMIT
The IMAD service permit is used to create a user account in the campus Active Directory that matches a user account in the centralized campus computing accounts database. The only requirement for obtaining an IMAD service permit is to have an IKRB service permit. The IKRB service permits are added by default to all new campus accounts.
a. USER ADDED ACCOUNT SERVICE PERMIT
This process involves going to a web site, and adding a permit to your campus Kerberos account. This is done on an individual basis and is completed by the account’s owner. This is the method that should be used after the initial population of your department’s OU or Child Domain.
01] Open a web browser to http://computingaccounts.ucdavis.edu. You should see the page shown below.

02] Select the Add or Remove account service option. Press the Begin button at the bottom of the web page. This will start the process to add the IMAD permit.

03] Fill out the information requested. When complete, hit Submit Information. Note: Your social security number can be used in place of your Student/Employee ID number.

04] Choose Add services to your account. Press Continue to proceed.

05] Enter the login ID (your campus Kerberos account). Press Continue to proceed. Your login ID is the username you use to access http://my.ucdavis.edu and most other campus web services, including email.

06] Select the IMAD permit. Click the button next to the IMAD permit and hit the Continue button.

07] On the next screen, press Grant ServiceID to add the account service permit to your account. The permit has now been added. Your account will show up in the Active Directory within 15-40 minutes.
b. BACK FILL (MIGRATION ONLY)
For departmental migrations, we have the ability to add the IMAD permit in bulk. In order to perform this action, please send a request to adhelp@ucdavis.edu with either a PPS department code or a return-separated list of campus accounts (see the example below). We will then process the request, adding the IMAD permits to the accounts listed.
Example:
Department code: 060000
List of Users:
usera
userb
userc
c. ACCOUNT PROXY
Sometimes, it is beneficial to be able to assign service permits to your users. This simplifies the work you need to do in order to get your users on the system. IET offers an Account Proxy Program (http://email.ucdavis.edu/email/accountproxyprogram.html). This program allows you to act as a proxy for your users.
ADSP PERMIT
The ADSP permit is used to set your password in the campus Active Directory. The first time you set up this permit, you will be asked to enter your Kerberos password. This password will be used to initially set the password on your campus Active Directory account.
Once you have the permit, any time you change the password for the ADSP service permit, it will set your password on the campus Active Directory account.
a. USER ADDED ACCOUNT SERVICE PERMIT
This process involves going to a web site, and adding the ADSP permit to your campus Kerberos account. This is done on an individual basis and is completed by the account’s owner.
01] Open a web browser to http://computingaccounts.ucdavis.edu. You should see the site shown below.

02] Select the Add or Remove account service option. Press the Begin button.

03] Fill out the information requested. When complete, hit Submit Information.

04] Choose Add services to your account. Press Continue to proceed.

05] Enter the login ID (your campus Kerberos account). Press Continue to proceed. This is the username you use to access http://my.ucdavis.edu and many other campus web services.

06] Select the ADSP permit. Once selected, press the Continue button.

07] You will now see the password entry form. Enter your Kerberos password here.

08] The permit has now been added. Your password will be synchronized in the Active Directory within 15-30 minutes.

b. CHANGING YOUR ADSP PASSWORD
This process involves going to a web site, and changing your password. You can choose to change just the password for Active Directory, or you can change your Kerberos password at the same time.
01] Open a web browser to http://computingaccounts.ucdavis.edu. You should see the site shown below.

02] Select the Change your password option. Press the Begin button.

03] Fill out the information requested. When complete, hit Submit Information.

04] Enter your LoginID and select the method you will use to verify your identity. Press Continue to proceed.

05] Select the service permits for which you want this new password to apply. Only the service permits selected will have their password changed. If you only select the ADSP service permit, your Kerberos password will NOT be changed.

06] Enter your Kerberos password, and then the new password (Note: We chose “Kerberos Password” in step 4).

07] Your password has now been set. You may change your validation questions if desired. The password in Active Directory should be set within 15-30 minutes.

c. BACK FILL (MIGRATION ONLY)
For departmental migrations, we have the ability to add the ADSP permit in bulk. In order to perform this action, please send a request to adhelp@ucdavis.edu with either a PPS department code or a return-separated list of campus accounts (see the example below). We will then process the request, adding the ADSP permits to the accounts listed.
Example:
Department code: 060000
List of Users:
usera
userb
userc
NOTE: When we add the ADSP permit in this fashion, an initial password is not set. The individual users will need to attach to any Distauth protected web site (such as http://my.ucdavis.edu) where they will be prompted to change their password.

The process then looks like the Change Password process from above. When users go through this, they should choose to set the password on the Kerberos and ADSP services the first time through.