Campus Active Directory - Disabled OU Account
Overview
Department administrators are issued OU accounts to manage objects within their Organizational Unit. OU accounts are to be used strictly for administrative purposes and have full control over a department OU. These accounts are provisioned and managed by the Campus Active Directory team. To ensure best practices for privileged account management and reduce the attack surface within Campus Active Directory, OU accounts will be disabled automatically after certain criteria are met.
Disable Criteria
OU accounts that meet any controls below will be disabled:
- Individual is no longer with the organization
- In violation of Campus Responsible Use and UDS Data Access Policies
- At the request of a supervisor or manager
- OU account inactivity for 1 year
- OU account has never signed in after 1 month from creation by Campus AD team
Reactivation Process for Inactive Accounts
An OU account that has been disabled due to inactivity will need to be re-enabled by the Campus AD team. You may request reactivation by emailing activedirectory@doit.wisc.edu
Additional Resources
Campus Active Directory - Acceptable Use of Accounts: https://kb.wisc.edu/iam/30303
Campus IT Policies: https://it.wisc.edu/it-community/governance/information-technology-committee-itc/it-policies/