Managed Service Accounts


To use Managed Service Accounts you must meet the following requirements:

Domain: functional level Windows Server 2008 R2. Active Directory Users and Computers will show you a container called Managed Service Accounts just below the root of the domain.

Server or client on which the account is created or used:
- Windows 2008 R2, Windows 7 or higher
- .NET Framework 3.5x or higher
- PowerShell
- Active Directory module for Windows PowerShell

Create a Managed Service Account

There’s no GUI tool that you can use, but the PowerShell command is easy. Just open Active Directory Module for Windows PowerShell and execute the command:

New-ADServiceAccount [accountname]

After this, the account will be available in ADUC in the Managed Service Accounts container.

Install a Managed Service Account

To use the MSA, you have to install it on the computer. To do this, run the following command in Active Directory Module for Windows PowerShell:

Install-ADServiceAccount [accountname]

NOTE: On Windows 2008 R2 and Windows 7 you can use an MSA on one computer only. On Windows 8 it will be possible to use it on multiple computers.

Configure a service

To configure a service to log on with the Managed Service Account, open the service’s properties, go to the Log On tab and search for the account like you normally would, but make sure the password boxes are left empty. You will notice that a $ sign is added to the account name.
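
The three steps above as one script, with a check at the end that the service really is configured to run as the MSA. This is an added example, not code from the original post: the account name svc-app01 and the service name ExampleService are placeholders, the Add-ADComputerServiceAccount step and the WMI-based service change (instead of the Log On tab) are not in the post, and a Windows Server 2008 R2 / Windows 7 standalone MSA is assumed.

```powershell
# Added example. Run in an elevated "Active Directory Module for Windows PowerShell"
# session on the computer that will host the service.
Import-Module ActiveDirectory

$MsaName     = 'svc-app01'        # placeholder MSA name (assumption)
$ServiceName = 'ExampleService'   # placeholder Windows service name (assumption)
$Domain      = $env:USERDOMAIN    # NetBIOS name of the logged-on user's domain

# 1. Create the MSA; it appears in the Managed Service Accounts container.
New-ADServiceAccount -Name $MsaName

# 2. Link the MSA to this computer, then install it locally.
#    The explicit link is not shown in the post; it is included so the
#    binding of the account to one host is visible in the script.
Add-ADComputerServiceAccount -Identity $env:COMPUTERNAME -ServiceAccount $MsaName
Install-ADServiceAccount -Identity $MsaName

# 3. Configure the service to log on as DOMAIN\name$ without supplying a
#    password (the scripted equivalent of leaving the password boxes empty).
$service = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
if (-not $service) { throw "Service '$ServiceName' not found on this computer." }

$account = "$Domain\$MsaName`$"   # trailing $ marks the managed account
$params  = $service.psbase.GetMethodParameters('Change')
$params['StartName']     = $account
$params['StartPassword'] = $null
$result = $service.psbase.InvokeMethod('Change', $params, $null)
if ($result.ReturnValue -ne 0) {
    throw "Win32_Service.Change failed with return value $($result.ReturnValue)."
}

# 4. Verify: the service's logon account must now be the MSA, and the account
#    must exist and be enabled in Active Directory.
$startName = (Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'").StartName
if ($startName -ne $account) {
    throw "Service still runs as '$startName', expected '$account'."
}
Get-ADServiceAccount -Identity $MsaName |
    Select-Object Name, DistinguishedName, Enabled

# Restart so the service picks up the new logon account.
Restart-Service -Name $ServiceName
```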

