HR will inform IT and the hiring manager when a candidate has accepted the offer for an open position. When a new hire's supervisor submits a User Add Form (hopefully at least a week in advance), the Service Desk may proceed with setting up the new user. Verify that the user name listed in the User Add Form matches the name as listed in HR's notification email. All users are added to the three systems below by the IT Service Desk.
Active Directory
In AD, create a new user. If the Add Form lists an "existing user" to model after, search that existing user in AD, then right-click and Copy*.
Enter user's name and a temporary password (usually Pa$$word and the start date, e.g. Pa$$word01012020).
If the user name already exists, contact HR and ask for the new hire's middle initial (e.g. jsmith vs. jcsmith).
Ensure the box to have user "change password at next login" is checked, as well as the "Password never expires" box (effective 1/20/26, passwords will no longer expire).
Type the new hire's employee ID # into the Description and Web Page fields.
*Add phone extension and full phone number into the Telephone number field. (This is a required field so that the user will appear in the intranet directory. See second bullet below under "Next Steps" for more info on this.)
Float staff: Simply put "See Float Schedule."
Under the Account tab:
- Under User Logon Name, make sure the dropdown is set to the UPN for the specific company he/she will be working for (i.e. if FMHC, should be @firstmutualholding.com, not @ffl.net).
- Under Account Options, check the "This account supports Kerberos AES 256-bit encryption" box.
OLD (no longer needed with MS OneDrive): Under the Profile tab, set the Home Folder to connect to the U:/ drive and specify the exact path (e.g. for FMHC/FFL employees, \\earth.ffl.net\users\[username]).
Under the Organization tab, verify the Job Title, Department, and Manager fields.
In the Attribute Editor tab, go to ProxyAddresses and add a record for SMTP:(email address)
Go to TargetAddress and add SMTP:(username)@FMHC.onmicrosoft.com
For returning employees, locate the user in the Former Employees OU. Right-click and Enable. Right-click and Move to the correct folder.
Add access groups as required in the Member Of tab.
For FFL branch employees:
- Universal Banker 1 should be assigned to the Dynacore-Teller group.
- Universal Banker 2 should be assigned to the Dynacore-Head Teller group.
- Universal Banker 3 should be assigned to the Dynacore-Financial Counselor group.
If mirroring an existing employee, make sure the new employee is removed from the following groups:
- Adobe Acrobat DC Standard Users group, unless specifically requested by the manager.
- SP (Page) Members group for Sharepoint admin access, unless specifically requested by the manager.
- (company) Managers & Supervisors group, unless the new hire themselves is a manager/supervisor.
Email / Office 365
Once user is added, Office 365 will sync with Active Directory and the user will appear in the O365 Admin portal. There, the appropriate Microsoft license (usually E3) will be assigned and a mailbox will be created for the user.
- Search user's name, verify E3 is selected
Add user to any shared mailboxes needed (e.g. for retail/branch employees, add to the appropriate Appointment mailbox).
- Teams & groups --> Shared mailboxes --> search for appropriate box --> click in and open Members --> add user
In Outlook, add the new user to the invite for each of the eleven bank holidays listed on the FMHC Holiday Calendar.
BAE / SilverSky - to allow receipt of external emails
Go to User Management --> Add User
Enter name, email address, and temporary password (example: Pa$$word1). Add an alias if applicable.
Create to save and add to user form
Next Steps
- Document all steps you completed in a private note in the User Add ticket.
- *If applicable: Assign the user an internal phone extension and note the extension, full phone number/DID, voicemail PIN & AT&T login password on the Add Form. (Universal Bankers, CRC agents, and other branch staff generally do not get a specific extension assigned to them. Branch staff should have their branch's extension and full phone number listed in their AD profile.)
- Default Temp PIN: 753638; Default AT&T Office@Hand Temp Password: Phones(year)! (e.g. Phones2023!)
- Ensure that the extension is NOT forwarding to another employee under Call Handling, and that all greetings and voicemail recordings are reset to the default.
- Check the User Add Form for other applications the supervisor has requested for their new employee (e.g. Cleartouch, WireXchange, CoreTrac/CRM, etc.). IT can set up some of these, but other teams might need to get involved (see below).
- Wait to set up Cleartouch until close to the user's start date, as the password can expire in a short time. Make sure to also set up the new CT user in Passport, the security side of CT.
- For all branch staff who handle transactions, make sure the "Mandatory Cash Counter" box is checked.
- NEW as of January 2024: New employees at FMB and MFSB who get set up in live Cleartouch should also be set up in the CT training bank (100D) separately. The member bank's CT admin (if one exists) may already set up the user in live CT, so all IT needs to handle is setting up the user in 100D with the same user name and teller number. (As of Feb. 2025, Warsaw & Blue Grass employees use shared/generic login credentials for the training bank.)
- Universal Bankers cannot get WireXchange until they complete the required training and we receive their completion certificate.
- Update the User Add form (page 2) with all the credentials you assigned, then upload the revised PDF to a note in the ticket.
- Assign the User Add ticket to other teams as necessary:
- If the supervisor has requested CoreTrac/CRM, Encompass, Finastra, or Prologue access, assign the ticket to Enterprise Systems
- Prologue access must be approved by Chris Miller in Accounting as we are limited on licenses. In branches, only managers get Prologue access, not assistant managers or lower roles.
- For CoreTrac/CRM, send an email to the Enterprise Systems team with the new user's employee ID # and CT teller #
- If the supervisor has requested member bank Cleartouch, Data Warehouse/Cognos, or DocuSignaccess, assign the ticket to the Core or Data team
- Member bank Cleartouch & DocuSign: AlloBaaS Cleartouch queue
- Data Warehouse/Cognos: AlloBaaS Data/Reporting queue
- For Five9, send an email to Joe Walker in the CRC with the new user's employee ID # and CT teller #
- If the supervisor has requested CoreTrac/CRM, Encompass, Finastra, or Prologue access, assign the ticket to Enterprise Systems
- For branch employees: Remote into the branch's scanner(s) and add the new user's email address to the Address Book.
- Open the Printer List, find the main branch printer and copy/paste the IP address into a web browser
- Log into the printer using the Ricoh/MFP credentials in KeePass --> Device Management --> Address Book --> Add User --> add full name in "Name" and "Key Display" field, add email in Email Address field. OK to save.
- Verify the user is appearing in Duo and set them to Bypass mode so they can get logged in on their first day. As of March 2025, the Duo enrollment link email should automatically be sent to them as soon as their user syncs in Duo after they are set up on the network. They can enroll after we set them back to Active mode that morning.
Once the User Add form is completely filled out:
- Send a copy to the hiring manager/supervisor (by Thursday of the preceding week) so the new hire has all their login credentials for Day 1. Universal Bankers: Send copy to Melinda Fellenstein & Jennifer Sebastian as the Retail trainers who will be working with the new hires' coaches. Retail Ops will also contact the necessary admins of other systems listed on the second page of the User Add form to get the new employee set up there as well (Harland, Brand Hub, Q2 Console, Web Capture, JP Morgan, Independence Business Supply, FedEx, Fiserv Instant Issue Supplies, Medallion Signature Guarantee, and Five9).
- Remind branch managers that they need to submit a ticket for each branch where the UB will need teller #s assigned
- Verify the user is appearing in the intranet employee/phone directory.
- Email the new hire with instructions on enrolling in ADSSP (the Windows self-unlock tool)
- Assign the User Add ticket to Jon Densmore for the Access Auditor review to be completed by the hiring manager (do NOT close the ticket)
Troubleshooting
*Occasionally, when copying an existing AD user to create a new one, you might encounter the following error message:
"Windows cannot create the object because: The name reference is invalid."
To resolve, you might need to manually go into the user's AD profile and clear out the ShowinAddressBook attribute under Attribute Editor.
Source: https://www.heelpbook.net/2015/active-directory-object-username-error-the-name-reference-is-invalid/
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article