Best way to manage multiple admin accounts for a person

Admins in our domain have multiple admin accounts (-w/-s/-ad) along with their primary AD account. These accounts get linked to the user's proper Person (typically), but I'm trying to set it up so that they're seen as separate account definitions. On the ADSAccount template, I notice that SAMAccountName mentions an admin account config variable that looks like it would help so I've set that to "-w" just for testing. I've also created an account definition that's set to managed. When I apply this account def to a user, it seems to want to overwrite their standard ADSAccount instead of creating a new one. What's the best way to handle this? Especially since we'd like to have multiple account definitions that create the proper admin account with flags set (isprivaccount, isgroup).

Top Replies

Parents
  • Hi,

    Just so I understand, the accounts already exist for the Person record, IE the ADSAccounts exist?  But you would like to manage each using a unique account definition?

    Could you provide some more information on what the business reason/usage might be?

    Do you want one ADSAccount managed, while another is not?

    An account definition will not create a new account if there is one already assigned, this is by design.  But you can assign multiple accounts to one Person record.  Also, it's possible to define multiple manage levels, other than the defaults.

    Trevor

  • So many admin accounts were setup prior to us onboarding 1ID. For these users with prior admin level ADSAccounts, we'd like them to link up properly with a unique account def for the account type. 

    However, we'd also like to apply these account defs to new users / Persons so that the associated admin account would get created. 

    I believe we'd want them all to be managed (my understanding is this is what allows 1ID to create the new accounts). 

Reply
  • So many admin accounts were setup prior to us onboarding 1ID. For these users with prior admin level ADSAccounts, we'd like them to link up properly with a unique account def for the account type. 

    However, we'd also like to apply these account defs to new users / Persons so that the associated admin account would get created. 

    I believe we'd want them all to be managed (my understanding is this is what allows 1ID to create the new accounts). 

Children