...
All users who have elevated access to a system or service will have one secondary account used solely for tasks that require greater administrative access. These accounts will be created and maintained in the OU Admin in Active Directory and can only be acted on by Domain Admins. In 389 these accounts are stored in the OU People and access is restricted to System Admins.
This account will be tied to an individual user and that user will be responsible for keeping the account secure. For more details on privileged accounts and their use please refer to the Privileged Access Standard.
The password for this account must follow the Network Password Requirements and cannot be the same as your personal account. If available, the account and password should be stored in the University Controlled Password Manager.
Vendor Account
A vendor account can be requested for a vendor only after a contract is in place. The account will follow the naming convention as established in the Privileged Access Standard and is limited to non-privileged user activities such as using the University VPN. These accounts will be created and maintained in the OU Generic in Active Directory, and in People for 389.
...