How to make provisioning create a new AD account for an existing account.

Overview / Purpose

This procedure outlines how to trigger the provisioning system to generate a new Active Directory (AD) account for an individual who already exists in AD but we want to generate a new AD account for this person. This ensures proper identity lifecycle management, avoids duplicate identities, and maintains system integrity.

Trigger

This process is initiated when a support ticket is created when a person needs a new AD account because they can no longer use their old AD account. This could occur when an employee no longer works at the campus but is still a student.

Steps

1. Locate the person in https://identity.csustan.edu/ldapdir.
2. Click the edit (pencil) icon.
3. Clear out their PeopleSoft EMPLID and Banner PIDM and click the Submit button.
4. Allow provisioning to generate a new principal name/AD account during the overnight process.
5. Update support ticket that the process has been started.
6. Verify the next day that the new account was completed by searching for the person by EMPLID.
7. Update the support ticket with the new principal name and change the status to Closed.

Outputs / Definition of Success

A successful outcome includes

• A newly created AD account tied to the correct EMPLID.
• Ticket or request marked resolved with documentation.

Resources

• https://identity.csustan.edu/ldapdir
• Active Directory Users and Computers (ADUC)
• stacc002.sqr (provisioning SQR)
• https://tfs.csustan.edu/OIT%20Team%20Projects/Craigs%20Projects/_git/ldapdir