Skip to content
Tech Shizz Logo

An Engineers Blog

  • TechShizz
  • blog

Group Managed Service Accounts

Posted on February 23, 2021 By rich No Comments on Group Managed Service Accounts

#Create KDC root Key (This command takes 10 hours to take effect)

 

Add-KDSRootKey -EffectiveImmediatly
#Install a Group Managed Service Account and configure it to work with the "Web Servers" group and a DNS CNAME which resolves to all machines.
New-ADSeriveAccount -Name GroupMSAAccount -DNSHostName WebClusterA.mydomain.local -PrincipalAllowedToRetrieveManagedPassword "Web Servers"
#Target machines need the RSAT-AD-PowerShell feature instralled
Invoke-Command -ComputerName Web01,Web02,Web03 -ScriptBlock { Install-WindowsFeature RSAT-AD-PowerShell }
#Install the GMSA
Install-ADServiceAccount GroupMSAAccount
#On the target server
Install-ADServiceAccount GroupMSAAccount
Test-ADServiceAccount -Identity GroupMSAAccount

Go to your service you wish to run on a service account, on the logon tab, set the credentials for the service as a network account. Use the browse button to find your MSA (You’ll need to change the location to the domain to find the account instead of the local machine. Remove the pre-populated password from the fields and save.

Post navigation

❮ Previous Post: Get server or computer memory usage via PowerShell (Ideal for server core)
Next Post: One Drive character limit | PowerShell to find file path character length | File Path Character Limit ❯

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Subscribe to our newsletter!

Recent Posts

  • How to implement a lightning-fast ransomware playbook
  • How to achieve defence in depth in your business
  • How to implement a SecOps team phishing response plan
  • How to block an Office 365 Sign-in correctly
  • Microsoft finally patched serious Exchange 0-day over a month old!

Recent Comments

    Archives

    • November 2022
    • July 2021
    • March 2021
    • February 2021

    Categories

    • Cyber Security
    • Uncategorized

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    Copyright © 2023 .

    Theme: Oceanly News Dark by ScriptsTown