Thursday, 9 June 2016

Managed service accounts in Windows Server 2016

Posted by: Ashwin Venugopal

Advantages of managed service accounts in Windows Server 2016
  1. Automatic password management.
    • A managed service account automatically maintains its own password, including password changes.
  2. Simplified SPN management.
    • SPN management can be automated if the Active Directory domain is configured at the Windows Server 2008 R2 domain functional level.
      • This means that if the samAccountName (computer name) property of the computer is changed, or the DNS host name property is modified, the SPNs of all managed service accounts on that host change automatically from the old name to the new name.
Creating a managed service account in Windows Server 2016
  1. Create the managed service account in AD.
    • New-ADServiceAccount -Name MSA1 -Enabled $true -RestrictToSingleComputer
  2. Associate the managed service account with a computer in AD.
    • Add-ADComputerServiceAccount -Identity <Target computer to which MSA will be assigned> -ServiceAccount <MSA you just created (MSA1)>
  3. Install the managed service account on the target computer that was just associated.
    • Install the following on the target computer.
      • Active Directory Module for Windows PowerShell
      • .NET Framework 3.5.1 Feature
    • Run the following commands in PowerShell.
      • Import-Module ActiveDirectory
      • Install-ADServiceAccount -Identity <MSA you just created (MSA1)>
  4. Now configure the service(s) on this target computer to use this managed service account.
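
The four steps above as one script with a check after each stage. This is an added example, not the author's code. MSA1 is the account name from the post; SRV01 and MyAppSvc are hypothetical placeholders, and setting the logon account through Win32_Service.Change is one possible way to do step 4.

```powershell
# Added example. MSA1 comes from the post; SRV01 and MyAppSvc are hypothetical.
Import-Module ActiveDirectory
$MsaName  = 'MSA1'
$Computer = 'SRV01'      # hypothetical target computer
$Service  = 'MyAppSvc'   # hypothetical service name

function New-HostBoundMsa {
    # Steps 1-2: run with rights to create accounts in AD.
    # -RestrictToSingleComputer requests a standalone MSA tied to one host.
    New-ADServiceAccount -Name $MsaName -Enabled $true -RestrictToSingleComputer
    Add-ADComputerServiceAccount -Identity $Computer -ServiceAccount $MsaName

    # Check: the account must be linked to exactly the intended host.
    $msa      = Get-ADServiceAccount -Identity $MsaName -Properties HostComputers
    $expected = (Get-ADComputer -Identity $Computer).DistinguishedName
    $hosts    = @($msa.HostComputers)
    if ($hosts.Count -ne 1 -or $hosts[0] -ne $expected) {
        throw "$MsaName is linked to: $($hosts -join '; ')"
    }
}

function Install-HostBoundMsa {
    # Steps 3-4: run elevated on the target computer.
    Install-ADServiceAccount -Identity $MsaName
    if (-not (Test-ADServiceAccount -Identity $MsaName)) {
        throw "$MsaName is not usable on $env:COMPUTERNAME"
    }

    # The service logon name is DOMAIN\name$ and no password is supplied,
    # because the password is managed automatically.
    $logon = '{0}\{1}$' -f (Get-ADDomain).NetBIOSName, $MsaName
    $svc   = Get-WmiObject -Class Win32_Service -Filter "Name='$Service'"
    if (-not $svc) { throw "Service $Service not found" }

    # Change() arguments are positional; StartName is the 7th, StartPassword the 8th.
    $result = $svc.Change($null, $null, $null, $null, $null, $null,
                          $logon, $null, $null, $null, $null)
    if ($result.ReturnValue -ne 0) {
        throw "Win32_Service.Change returned $($result.ReturnValue)"
    }

    # Return the logon account the service is now configured with.
    (Get-WmiObject -Class Win32_Service -Filter "Name='$Service'").StartName
}
```

Call New-HostBoundMsa from an administrative workstation or domain controller, then Install-HostBoundMsa on the target computer.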
Thanks for reading
