8.2.2.14 Active Directory Account Identification Standard

Purpose:

Active Directory plays a significant role in maintaining a secure technology environment. Ineffective or insufficiently defined requirements for Active Directory accounts, and/or ineffective periodic monitoring of the environment, increase the likelihood that a bad actor could compromise an account, gain a foothold in the system, and launch further attacks. The purpose of this Active Directory Account Identification Standard is to define the minimum data that must be maintained in Active Directory to ensure that the person behind each account can be reliably identified.

Scope:

This standard applies to all Active Directory domains operated and/or managed by staff or faculty at the University of Oklahoma.   

Standard Statement:

  1. In accordance with the Identity and Access Management Policy, university accounts will be created and labeled according to the category of the individual listed below, and each account will maintain the attributes listed for its category, where available:
    1. Student Accounts
      1. College Code: code identifying primary college affiliation as defined in Banner or Campus Solutions (Health Sciences Center).
      2. College Name: name identifying primary college affiliation as defined in Banner or Campus Solutions (Health Sciences Center).
      3. Department Code: code identifying primary HR department affiliation in PeopleSoft Human Capital (HCM).
      4. Department Name: name identifying primary HR department affiliation in PeopleSoft Human Capital (HCM).
      5. SoonerID: a unique identifier for OU.EDU account holders.
      6. HSC SAID: identifier for OUHSC.EDU account holders.
      7. Last Name: an individual’s legal last name.
      8. First Name: an individual’s preferred first name.
      9. Legal First Name: an individual’s legal first name.
      10. Middle Initial: an individual’s middle initial.
      11. Norman EmployeeID: identifier for OU employees as defined in PeopleSoft HCM.
      12. OUHSC EmployeeNumber: identifier for OUHSC employees as defined in PeopleSoft HCM.
      13. Common Name (CN): unique identifier for Active Directory accounts.
      14. Email Address: an individual’s assigned email address.
      15. Display Name: an individual’s last name, first name, and middle initial.
      16. SamAccountName: an individual’s userid assigned at the time of account creation.
      17. Distribution List Assignments: defined organizational distribution lists of which the individual is a member.
      18. GlobalID (ExtensionAttribute14): unique identifier for all individuals at OU (GlobalID).
    2. Staff or Faculty Accounts
      1. Department Code: code identifying primary HR department affiliation in PeopleSoft Human Capital.
      2. Department Name: name identifying primary HR department affiliation in PeopleSoft Human Capital.
      3. OU EmployeeID: a unique identifier for OU.EDU employees as defined in PeopleSoft HCM.
      4. OUHSC EmployeeNumber: identifier for OUHSC.EDU employees as defined in PeopleSoft HCM.
      5. SoonerID: identifier for OU.EDU account holders.
      6. HSC SAID: identifier for OUHSC.EDU account holders.
      7. EmployementType: identifier used to determine the employment type of a user (1 = Salaried, 0 = Hourly) as defined in PeopleSoft HCM.
      8. Last Name: an individual’s legal last name.
      9. First Name: an individual’s preferred first name.
      10. Legal First Name: an individual’s legal first name.
      11. Middle Initial: an individual’s middle initial.
      12. Distribution List Assignments: defined organizational distribution lists of which the individual is a member.
      13. Manager: identifier for the manager of the employee as defined in PeopleSoft HCM.
      14. Email Address: an individual’s assigned email address.
      15. Common Name (CN): unique identifier for Active Directory accounts.
      16. Direct Reports: identifier for employees who report directly to the individual.
      17. Display Name: an individual’s last name, first name, and middle initial.
      18. SamAccountName: an individual’s userid assigned at the time of account creation.
      19. GlobalID (ExtensionAttribute14): unique identifier for all individuals at OU (GlobalID).
    3. Sponsored Accounts
      1. Department Code: code identifying primary HR department affiliation in PeopleSoft Human Capital.
      2. Department Name: name identifying primary HR department affiliation in PeopleSoft Human Capital.
      3. Last Name: an individual’s legal last name.
      4. First Name: an individual’s preferred first name.
      5. Legal First Name: an individual’s legal first name.
      6. Middle Initial: an individual’s middle initial.
      7. Distribution List Assignments: defined organizational distribution lists of which the individual is a member.
      8. SponsorID: userid or identifier of the sponsor of the sponsored account.
      9. SamAccountName: an individual’s userid assigned at the time of account creation.
      10. Display Name: an individual’s last name, first name, and middle initial.
      11. Email Address: an individual’s assigned email address.
      12. GlobalID (ExtensionAttribute14): unique identifier for all individuals at OU (GlobalID).
    4. Admin (Privileged) Accounts
      1. Last Name: an individual’s legal last name.
      2. First Name: an individual’s preferred first name.
      3. Middle Initial: an individual’s middle initial.
      4. ElevatedLinkedMail: primary email address for the user.
      5. SamAccountName: an individual’s userid assigned at the time of account creation.
    5. Shared (Organization) Accounts
      1. Department Code: code identifying primary HR department affiliation in PeopleSoft Human Capital.
      2. Last Name: an individual’s legal last name.
      3. First Name: an individual’s preferred first name.
      4. Middle Initial: an individual’s middle initial.
      5. SponsorID: userid or identifier of the sponsor of the shared account.
      6. SamAccountName: an individual’s userid assigned at the time of account creation.
      7. Email Address: an individual’s assigned email address.
    6. Service Accounts
      1. Department Code: code identifying primary HR department affiliation in PeopleSoft Human Capital.
      2. Last Name: an individual’s legal last name.
      3. First Name: an individual’s preferred first name.
      4. ElevatedLinkedMail: email address used by the service account owner.
      5. SamAccountName: an individual’s userid assigned at the time of account creation.
      6. Description: information specific to the service account and service request.