Create a Managed Service Account using RSAT for Windows 8.1

I always forget this so I figure it is worthy of a blog post.

I use the RSAT for Windows 8.1 tools and the default, when creating a managed service account is that the account gets created as a group managed service account. So what is the parameter to make the account work on Windows 2008 r2 systems (since they don’t support gMSAs)?

new-adserviceaccount -restricttosinglecomputer

If, after creating the account you run a get-adserviceaccount notice that the objectClass is “msDS-ManagedServiceAccount” and not “msDS-GroupManagedServiceAccount”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s