If you are having trouble with your password for Active Directory when logging in to email or other systems connected to Active Directory, please follow these instructions to troubleshoot your account.

1. Go to http://arms.wacoisd.org.
2. Try logging in with your username and password first.
3. If you can log in, then use those credentials to log in to email and other systems.
    a. If you still can't log in to a specific system, then the problem might be with that specific system. Submit a work order for someone to help you troubleshoot your problem.
4. If you can't log in, click Forgot my password
5. Enter your username and click Next.
6. Answer 2 of your 5 security questions. Click Next.
    a. If you have forgotten the answers to your security questions, please contact the Technology Help Desk at ext. 2308 or helpdesk@wacoisd.org
7. Reset your password.
   a. If you receive the error that the system was unable to authenticate at this step, your password might be expired. Follow the instructions at How to Change Your Password to check if your password is expired and change it.
8. On success, use this new password for email and other systems.
    a. If you still can't log in to a specific system, then the problem might be with that specific system. Submit a work order for someone to help you troubleshoot your problem.

What Is ARMS?

Active Directory (AD)?

Active Directory (AD) is a database to store user login, group, and configuration information that drives group policy and other application software. Windows uses AD as a repository for configuration information. One of the primary uses is the storage of user login credentials (AD usernames/passwords) so that computers can be configured to refer to this database to provide a centralized single sign-on capability for large numbers of machines (called "members" of the "Domain"). Other software systems such as email, eSchool, etc. can be configured to authenticate using the same credentials from AD.

Versions of the Windows operating system also can perform installations of software, make modifications to the user's environment (desktop, Start menu, the behavior of application programs, etc.) by using the Group Policy.

adapted from http://serverfault.com/questions/18339/active-directory-explained

Another way to think about Active Directory (AD) is to use the metaphor of the Yellow Pages. When a person looks in the Yellow Pages to find Auto Repair, Auto Body Repair, or a Collision Center, Joe of Joe’s Auto Repair wants his business to be found.  He requests to have his company name listed under those subject headings and the Yellow Pages’ staff ensure Joe can be found in those categories.

By using information retrieved from the HR System such as name, job assignment, and location assignment, profiles for staff will be created upon hiring and those profiles will be assigned to groups.   Student accounts will be created using the same method retrieving information from eSchool+.

Security, Features, and Changes with Active Directory

With the implementation of Active Directory district-wide, there is a number of new improvements and changes for users on our network. Here are some of the features and changes that affect you.

Features

Single Sign-On: One username and password now gives you access to First Class, logging on to computers, proxy override, and the new Help Desk system. We are working on integrating more of the district systems into Active Directory to make remembering and managing your username and password easier.

Improved Security: Active Directory sets policies for users and computers throughout the district that make our network more secure. Just one example, when Microsoft updated Internet Explorer (IE) to version 10 and pushed the update to Windows computers. eSchool does NOT work with IE 10 and many users had problems because of this. The solution was to manually uninstall IE 10 and revert back to IE8. With Active Directory we can set a policy that prevents all computers on our network from upgrading to a version of IE that is not compatible with the software we use.

Security Features

Executables: Users are no longer allowed to download or run executable files or installers (files that end in .exe). This is for several reasons. We are working toward standardizing software that is used in the district in conjunction with the Curriculum Department. Users often install software unintentionally or otherwise that is not licensed by the district and therefore not legal to be used on district equipment. This policy also prevents harmful viruses and malware from deploying on district equipment, being unintentionally installed by users or installed by malicious websites.

Desktop background:  Users are also no longer able to change their backgrounds. District staff will have the default windows background. All students will have a black background. This security feature will allow you to tell at a glance whether someone is logged in with a staff or student account. So, if you ever see a student on a computer with a windows background, you should tell them to log off immediately, report it to your campus and to the Technology Department. This could mean that a staff account has been compromised.

If you need help with installing a critical program on your computer, please see "Changes" below.

Changes

Additional Software Request: We have a new process for requesting the installation of additional software for computers. You need to first get written approval from your principal. Then you need to create a work order and attach that approval to the work order. Then the Technology Department will review your request to ensure that memory, network, or other hardware/software conflicts will not occur. If approved by both your principal and our department, a technician or approved staff person will install the software.

 For security purposes, Active Directory passwords expire on a regular basis. First Class caches (temporarily saves) your credentials and will allow you to log in even if your AD password expires. However, the proxy override, Help Desk system, computer logins, TEAMS, and other systems will not work when your password is expired. There are three ways to change your password.

1. Log into AD

To check if your password is expired log in to a machine on Active Directory. You will get a notification before your password expires.

If your password is expired, when you try to log in to a computer on Active Directory you will get a message saying that it is expired and asking you to change it.

Click OK to change your password.

Your new password must still conform to the complexity requirements for Active Directory:

• Not contain user's account name or parts of user's full name that exceed two consecutive characters
• Not contain spaces
• Be at least 8 characters in length
• Contain an English uppercase character (A-Z)
• Contain an English lowercase character (a-z)
• Contain at least one number (0 through 9)
• Contain at least one non-alphabetic character (For example !, $, @ or #)

You will get a message that you have successfully changed your password. Once you log in to First Class with your new password the old password will no longer work. All other systems that use your Active Directory account will now work with the new password.

2. CTRL+ALT+DELETE

You can also change your password on an Active Directory machine by pressingCTRL+ALT+DELETE and clicking Change a password…

3. Arms

Your third option, or only option when on a Mac or a Chrome Book, is to go to  arms.wacoisd.org (our password management tool).  When you click on this link it will take you to RapidIdentity, please log in with your Active Directory username and password.

If your password is expired, upon logging in you will see this message. Click on "Click here to reset your password"

Once you have logged in, please go to the top left hand side, make sure you are under the "My Profile" tab.  Then click the Change password button. 

What if I forgot my password?

1. Go to http://arms.wacoisd.org.
   2. Click Forgot my password
   3. Enter your username and click Next.
   4. Answer 2 of your 5 security questions. Click Next.
       a. If you have forgotten the answers to your security questions please contact the Technology Help Desk at ext. 2308 or helpdesk@wacoisd.org, who will reset your password to the default.
   *Default password configuration: Capital first initial+lowercase Lastname initial+ @# + last 4 of employee ID#                     (eg: John Doe = Jd@#****)
2. Reset your password.
         a. If you still can't log in to a specific system, then the problem might be with that specific system. Submit a work order for someone to help you troubleshoot your problem.

The next step toward having a single sign-on for many of the systems used in the District is for all users to set up their password and security questions in the Access-Request Management System (ARMS). This will be the password management site for your Active Directory (AD) user account. In the future, if you forget your password you will go to the site listed below to start the recovery process.

Changing Your Password

1. Go to arms.wacoisd.org. NOTE: arms.wacoisd.org is only accessible from within the District network. It WILL NOT work from home or outside the District network.)
2. Login using your new AD username.
3. The default password for your account adheres to the following format:[uppercase first initial][lowercase last initial]@#[last four digits of your employee ID#]. For example, Jon Smith’s employee ID # is 12345. His default password is Js@#2345.                                                                                                                    

4. On your first login, you will get the message “Your password has expired and must be updated before continuing”. Click the highlighted text that states “CLICK HERE to change your password.”

5. Read the password requirements carefully, type in and verify your new desired password.

6. The “Next” button will be grayed out until you have met the minimum password requirements.

   Note: if you receive the message “The new password does not meet the target directory’s password policy” you may be using trying a password you’ve recently had.                        

7. When you receive a message stating you have successfully changed your password, you can begin using your AD password on the other systems.