Ref No.: 18-31747
Location: North Chicago, Illinois
Start Date: 05/08/2018
Active Directory Administrator/Engineer

1)      Create new AD groups:
a.       E account group:  "IS100-xxx" where xxx is either the name or acronym – I'd use acronyms to keep it shorter where you can
b.      A account group:  "IS100-xxx_Admins" where xxx is the group name/acronym  (You may need to submit the SRFs to get the A accounts added)
c.       Put group in:
d.      Description: Admin group for GES (Global Enterprise Solutions)
e.      Owner: Manager of the team
f.        Notes:  No 'e' accounts are to be added to this group (MN).  Members of this group must be in the GES reporting structure.
2)      New A accounts to go in Secure/Admins OU and in the right group for the strong passwords.  (SRF required)
a.       None of these accounts should be email enabled.  This would only apply to O365 admins and is already done for ATC and AXE.
b.      Make sure the display name has the format of a 'z' in front of the first name.
3)      Use process below for each admin functional group:
a.       In short -> users go into their functional group, then that functional group is added to a security group that provides them access to what they need.
b.      Determine what AD groups/access provide the team administrative rights – this includes understanding what each AD group actually provides them the rights or access to.  It could be an AD group delegation, rights to log in to something, or anything else.  This needs to be documented (a Word or Excel table should be built out and we can merge all of this at a later time).  I'll get a standard spreadsheet for this, but for now, the following needs to be captured:  Group Name, Group Owner, Description of rights provided by the group, any other notes about the group worth noting during discovery.
c.       Once validated that the group is an administrative group – update the comments in the group object to capture both a description and other notes as necessary.
d.      Add the newly created functional group to that group once it is determined to provide administrative rights.  Do not add any individual accounts.
**It is expected that some of the access groups will have individuals in the case where only a member of a functional group has the specific right, not the whole team.
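
A way to check an exported group and account inventory against the rules in steps 1 to 3, as an added example that is not part of the original posting. The sample records are constructed, the access group name is hypothetical, and the code assumes the account type is the first letter of the logon name ('e' or 'a').

```python
import re

# Constructed sample export (not real data): group name -> direct members.
GROUPS = {
    "IS100-GES": ["ejdoe", "esmith"],
    "IS100-GES_Admins": ["ajdoe", "esmith"],
    "Server-Operators-Example": ["IS100-GES_Admins", "akhan"],  # hypothetical access group
}
ADMIN_ACCOUNTS = [
    {"sam": "ajdoe", "display": "zJohn Doe", "mail": "", "ou": "Secure/Admins"},
    {"sam": "akhan", "display": "Aisha Khan", "mail": "akhan@example.com", "ou": "Users"},
]

# Functional groups follow the "IS100-xxx" / "IS100-xxx_Admins" convention.
FUNCTIONAL = re.compile(r"^IS100-[A-Za-z0-9]+(_Admins)?$")


def audit_groups(groups):
    """Return (group, member, issue) tuples for membership rule violations."""
    findings = []
    for name, members in groups.items():
        if FUNCTIONAL.match(name):
            if name.endswith("_Admins"):
                # Step 1f: no 'e' accounts in the admin functional group.
                for m in members:
                    if m.lower().startswith("e"):
                        findings.append((name, m, "'e' account in admin functional group"))
        else:
            # Step 3d: access groups should hold functional groups, not people.
            # Exceptions are expected, so these are review items, not errors.
            for m in members:
                if m not in groups:
                    findings.append((name, m, "individual account in access group (review)"))
    return findings


def audit_admin_accounts(accounts):
    """Return (account, issue) tuples for the step 2 rules on A accounts."""
    findings = []
    for a in accounts:
        if a["ou"] != "Secure/Admins":
            findings.append((a["sam"], "not in Secure/Admins OU"))
        if a["mail"]:
            findings.append((a["sam"], "email enabled"))
        if not a["display"].startswith("z"):
            findings.append((a["sam"], "display name lacks 'z' prefix"))
    return findings
```
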