Managed Service Accounts (For Single Machine)

PowerShell is required to create a service account. Once created, it can be managed in the GUI.


#Create the MSA

New-ADServiceAccount -Name MyAppSrv -RestrictToSingleComputer

#Add the Machine to be used with the account

Add-ADComputerServiceAccount -Identity SRV-01 -ServiceAccount MyAppSrv

#You can test to see if it is working (it won't... yet)

Test-ADServiceAccount -Identity MyAppSrv

#Finally, install the account and test again

Install-ADServiceAccount MyAppSrv

Test-ADServiceAccount -Identity MyAppSrv

#Next, configure the service to use the account.

Open the properties of the service you wish to run under the service account. On the Log On tab, set the credentials for the service as a network account. Use the Browse button to find your MSA. Remove the pre-populated password from the fields and save.
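
The server-side steps above (install, test, assign to the service) can also be scripted. This is an added example, not part of the original page: the service name MyAppService is hypothetical, and it assumes the MSA was already created and linked to this computer and that the ActiveDirectory module is installed on the host.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original page. Run on the host linked to the MSA (SRV-01).
# Assumptions: service name 'MyAppService' is hypothetical; the ActiveDirectory
# module is installed; the MSA was already created and linked to this computer.
Import-Module ActiveDirectory

$MsaName     = 'MyAppSrv'
$ServiceName = 'MyAppService'   # hypothetical, replace with your service

# Install the MSA on this host only if it does not already validate.
if (-not (Test-ADServiceAccount -Identity $MsaName -WarningAction SilentlyContinue)) {
    Install-ADServiceAccount -Identity $MsaName
}
if (-not (Test-ADServiceAccount -Identity $MsaName)) {
    throw "MSA '$MsaName' does not validate on $env:COMPUTERNAME."
}

# MSA logon names take the form DOMAIN\name$ (note the trailing '$').
$account = '{0}\{1}$' -f (Get-ADDomain).NetBIOSName, $MsaName

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }

# Equivalent of the Log On tab: set the account and leave the password empty,
# because the password is managed by Active Directory.
$result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
    StartName     = $account
    StartPassword = $null
}
if ($result.ReturnValue -ne 0) {
    throw "Win32_Service.Change returned $($result.ReturnValue)."
}

# Confirm the configured logon account before restarting.
$current = (Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'").StartName
if ($current -ne $account) { Write-Warning "Service is configured to run as '$current'." }

Restart-Service -Name $ServiceName
Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" |
    Select-Object Name, StartName, State
```

If the service then fails to start with a logon failure, check that the account holds the "Log on as a service" right on the host.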


