group managed service account

  • Question

  • Please guide me with the creation of a service account. I want to use this account for SQL installation and for other services.

    import-module ActiveDirectory
    dir "AD:CN=Managed Service Accounts,DC=mydomain,DC=com"
    New-ADServiceAccount sqladminsvc -PrincipalsAllowedToRetrieveManagedPassword sqlgroup -DNSHostname sqlsrv2012.mydomain.com

    Add-ADComputerServiceAccount -Identity sqlsrv2012 -ServiceAccount sqladminsvc -PassThru

    or
    Add-ADComputerServiceAccount -Identity sqlsrv2012 -ServiceAccount sqladminsvc

    Do I need to give -PassThru?


    On my SQL server I have installed the service account.

    1. From my domain controller, when I type the command below, I cannot see my SQL server computer account binding.
    PS C:\Windows\system32> Get-ADServiceAccount -Identity sqladminsvc | select HostComputers

    HostComputers
    -------------
    {}

    2. In Managed Service Accounts I can see my service account (sqladminsvc). Do I need to give any kind of privileges here, like Domain Admins full control? Do I need to add the computer account here? Also, for the security group which I created, I just added the computer account to it. Do I need to give any more permissions?

    When I am running on the domain controller:
    3. PS C:\Windows\system32> Test-ADServiceAccount  sqladminsvc$

    Test failed for managed service account sqladminsvc. If standalone managed service account, the account is linked to another computer object in the active directory. If the group managed service account, either this computer does not have the permission to use the group MSA or this computer does not support all the kerberos encryption types required for the gMSA

    When I am running on the SQL server:

     PS C:\Windows\system32> Test-ADServiceAccount  sqladminsvc$

    TRUE

    Sunday, May 4, 2014 8:02 AM
