User accounts can reside in several places within Active Directory (AD) including Organizational Units (OUs) in the root domain and in a special OU of the root domain called the People OU. U-M Windows Central Accounts give departmental Windows admins the ability to manage user accounts. User AD accounts are automatically provisioned when users get their U-M uniqname.
In order to manage their own user accounts in the root domain, departments must have a delegated OU. To request a new delegated OU, see Joining the Active Directory (UMROOT) Forest as a Delegated Organizational Unit.
For more information and background on this service, see Active Directory Central Accounts Service Purpose.
User Account Attributes
Departmental AD administrators may modify AD attributes that do not impact users' use of U-M resources, such as the Campus Computing Sites and Libraries. For details, see Description of Attributes ACLs Assigned to Accounts OU.
Moving Users to/from Delegated OUs
Administrators of delegated OUs in AD (UMROOT) can move user accounts from the People OU to their delegated OU to help manage user and computer settings. See Moving Users to/from Delegated OUs.