Translated with

  • KIT Service Account

  • A KIT service account is used to uniquely identify a service in the IT environment of an organizational unit (OU).
    For this purpose, the OU administrator / ITB applies for a neutral service account for a service, under which this service can then be executed.


A KIT service account (also KIT service account) allows to establish services in an IT environment of an OU by means of an own account, i.e. the service is operated under its own account. An example would be the operation of an application server (e.g. web server), which is then assigned to its own account in the network. This makes it uniquely identifiable and it is started only with the permissions assigned to this account.
This results in a wide range of application scenarios, since a specially defined account can be used for each special service that is operated within an OU or for an OU. This ensures, for example, that the service continues to function smoothly when a service operator leaves, since this account is independent of the respective employee accounts.
To make this possible, a KIT service account receives an entry in the central KIT directory services (KIT-Active-Directory and KIT-LDAP) with its own user ID (unixUidNumber) and the unixGidNumber of the requesting OU. The account is created in the employee branch of the OU within KIT-AD and is thus visible to the ITB. The ITB of the OU is responsible for the assignment of permissions, allocation to AD groups or anything else in connection with the service account.


Application by means of an e-mail to the service desk of the SCC. ITBs can apply for a service account directly using the application form.
The following information is required: OU abbreviation, service name, KIT login of the ITB of the OU (i.e. of the applicant), short description of the service to be established under this account, e.g. service account for fax server or network scanner services ...
After the service account has been registered, the ITB distribution list of the requesting OU receives an e-mail with the important parameters of the account and how, for example, the password can be changed.


Information about the cancellation / deactivation also via ticket application form to the SCC service desk, which then blocks the corresponding account.

Included services

Entry as own account in KIT-AD and KIT-LDAP with own User-ID (unixUidNumber) and the unixGidNumber of the requesting OU. The account will be added to the global AD group "Domain Users".

Services not included

No management of the account, i.e. no adjustments to the "neutral" account by SCC, this is the responsibility of the ITB of the organizational unit. No email address / mailbox is associated with this account.

Organizational requirements

Applicant must be ITB of the applying OU.

Technical requirements

OU must be available as organizational unit also in Active Directory.