...
Personal NetID accounts are systematically created by ITS and stored in the Organizational Unit (OU) called People in both Active Directory and 389. These accounts are not allowed to be moved out of their assigned OU by any person or service other than ITS' Identity and Access Management SystemGroup. Nor does ITS allow departments to apply policies to these objects.
The use of NetID accounts is limited to non-privileged user activities such as accessing email, file shares, web browsers, workstations, and nonprivileged access and non-privileged application access. These accounts will not be granted administrative privileges on hosts or used to authenticate services or applications to Active Directory.
...