request/approval of new AD user accounts

crib bar 616 Reputation points
2024-05-09T08:50:32.65+00:00

What are your procedures when it comes to requesting and approving new user accounts (e.g., new employees, new consultants, etc.) in your Active Directory? I have seen a variety of processes; some have standardised e-forms that integrate with the helpdesk application that have to be completed by a user’s line manager, and the IT department will not accept requests for anyone below a certain level/rank within the organisation. Others require this plus signatures acknowledging acceptable usage policies prior to account activation. And everything in between.

I was trying to determine if there is a golden ‘industry standard’ for request/approval/creation of new AD accounts, or whether perhaps any of the various information security standards out there give organisations a template process that organisations can adopt and implement. It clearly needs to be documented and auditable, so a 3rd party such as an internal auditor can verify that processes are being followed and are understood by all parties.

Active Directory
Windows Server Security

Accepted answer
  1. Neuvi Jiang 230 Reputation points Microsoft Vendor
    2024-05-10T07:19:43.9766667+00:00

    Hi crib bar,

    Thank you for posting in the Microsoft Community Forums.

    Ensuring that there is a clear process in place when requesting and approving new user accounts in Active Directory is critical for any organization. While there is not a uniform industry standard, there are some general best practices and recommendations to follow.

    When developing a process, it is recommended to consider the following factors:

    Compliance requirements: Ensure that the process meets the organization's compliance requirements and information security standards, such as GDPR, HIPAA, etc.

    Approval authority: Clearly define who has the authority to approve user account requests and ensure that the approval process is transparent and consistent.

    Security controls: Ensure that appropriate permissions and access controls are in place for new user accounts to minimize security risks.

    Training and awareness: Train employees and approvers on the process and their responsibilities.

    Regular reviews: Review processes regularly to ensure they are effective and up-to-date to respond to changing needs and threats.

    Best regards

    Neuvi Jiang


1 additional answer

  1. チャブーン 551 Reputation points MVP
    2024-05-09T09:39:36.24+00:00

    Dear crib bar

    This is Chaboon.

    Active Directory does not have an approval workflow mechanism.

    However, it seems you can use Entra ID Governance indirectly by using Microsoft Entra ID's HR-driven provisioning, with its authoritative HR data flow and writeback flow.

    See the articles below:

    https://learn.microsoft.com/en-us/entra/id-governance/lifecycle-workflow-tasks?WT.mc_id=EM-MVP-8322
    https://learn.microsoft.com/en-us/entra/identity/saas-apps/workday-inbound-tutorial?WT.mc_id=EM-MVP-8322

    If you only want to do it on-premises, you'll probably want to use Microsoft Identity Manager's approval workflow.

    Regards,

    1 person found this answer helpful.