Person
...
Accounts
User accounts in Active Directory can only be created by ITS automatic provisioning infrastructure or by the Identity and Access Management Group.
...
If the vendor will be doing work that requires privileged access they will be required to use a vendor administrative account using the established Privileged Access Standard. The account may only be used for the purpose it was created for and will be stored in the OU Admin and can only be acted on by Domain Admins.
(Should we put specific password requirements on these accounts?)
Non-personal Accounts
A non-personal account is created for a service, application or a group to gain access. The manager/owner? of the account is responsible for the use of the account and (wording about renewals, expirations, etc).
...
Event access account will not be granted administrative privileges to any system and should not be used to authenticate services or applications to Active Directory or LDAP 389.
(Should we put specific password requirements on these accounts?)