AD FAQs – Account Administration
- How does a person affiliate his or her AD account with a particular OU?
- How do I request a Guest account?
- How can I allow specific people, who do not match my WebNew configuration, to run WebNew for my OU?
- Why do I get a 503 error when applying for an account?
- How should I request a Service account?
- How can I request an administrator (-adm) account for my OU?
- How can I reset a person’s password?
For a person to affiliate his or her AD account with a particular OU, he or she must meet the requirements set by that OU administrator and run WebNew for that OU. If the OU administrator specifies that affiliates must be faculty, staff or student in a particular group, anyone attempting to run WebNew from a different school/department will receive a 503 error (see FAQ on 503 error).
- Go to www.bu.edu/computing/accounts/ad/”OUName” (substitute your own OU name for “OUName” and omit the double quotes) and enter your last name and UID. Click “continue”.
- Enter your BU login name and click “Submit”.
- Enter your Kerberos password and click “Submit”.
- Your account will be activated and ready for use in about fifteen minutes.
By default, Guests are created with a BU Google Apps account. If you choose Microsoft Exchange, you will be contacted by the IT Help Center to verify the need for an Exchange mailbox.
To request a Guest mailbox,
- Go to www.bu.edu/help/tech/accounts/ and choose Guests
- Provide the Guest Information and the department or program the Guest is affiliated with.
- Choose the duration of the Guest mailbox, agree to the terms and conditions, and Submit.
- Go to www.bu.edu/computing/accounts/ad/”YourOUName”/useradm (replace “YourOUName” with your own OU name and omit the quotes). Enter your BU login name and Kerberos password to gain access to the user administration website.
- Click the Pre-Approve a BU login name request link.
- Enter the name of the person you want to pre-approve and click continue.
- Select ad-<your OU name> in the Choose a Host for Pre-Approval drop-down menu and click Get Host Config.
- Select the person’s status and click Pre-Approve.
- Follow the instructions highlighted in green.
The 503 error indicates that the person doesn’t match the criteria you specified for your OU’s WebNew. If this is a frequent occurrence, you can request that the criteria for your OU’s WebNew configuration be changed to more accurately reflect the qualifications of people you want to allow to run your WebNew. Otherwise, you can allow a specific individual to run WebNew by approving them manually. See the FAQ on how to allow specific people to run WebNew.
Click on Help to request a Service account or write to firstname.lastname@example.org. Once you are given the account, you have the ability to reset the password through the MMC, and you should do that before using the account.
An administrator account (ending with “-adm”) is required for each person who needs to use the AD Users and Computers tool to manage an OU. At least one such account is associated with each new OU. To request additional -adm accounts associated with your OU Admin group, please fill out this request form.
NOTE: If the person needs administrative access to a workstation but not the ability to manage your OU, you can just add the person’s regular account to the local administrator group on the workstation.
There are two methods to reset a person’s password.
1. Normal accounts (people who use their BU login name and Kerberos password to authenticate):
These people can change their passwords at the website www.bu.edu/computing/accounts/kerberos.
Password changes made in this manner will be reflected in the AD within ten minutes if the person auto-approves the change by supplying his or her old password. People who don’t remember their old passwords will have to show their BU ID at the IT Help Center or at one of the other locations mentioned at the end of the process.
2. Service accounts and AD-only Guest accounts:
Both of these account types allow for passwords to be changed within the Windows environment. The password can be changed via the standard “Ctrl-Alt-Del” screen or through the AD Users and Computers MMC by a root level OU Admin. The password must be at least nine characters long and should follow the same guidelines as passwords for a BU Kerberos password.