Hi,
I'm trying to use Managed Service Accounts with Windows Server 2012 and SQL Server 2012. I have read lots of tutorials and the TechEd documentation, but I still misunderstand some parts of the subject, because in Windows Server 2012 Managed Service Accounts are now "group Managed Service Accounts".
The only way I've succeeded in using them is like this:
```powershell
### On the Active Directory server

# Creation of a security group
New-ADGroup SecurityGroupName -GroupCategory Security -GroupScope Universal

# Add the machine to the security group
Add-ADGroupMember -Identity SecurityGroupName -Members "CN=MachineName,CN=Computers,DC=domain,DC=local"

# Creation of the Managed Service Account
New-ADServiceAccount AccountName -PrincipalsAllowedToRetrieveManagedPassword SecurityGroupName -DNSHostName AccountName.domain.local

# Creation of the computer identity
Add-ADComputerServiceAccount -Identity MachineName -ServiceAccount AccountName

### On the machine which will use the service account
Restart-Computer
# ...
Install-ADServiceAccount -Identity AccountName
```
The problem with my solution is that I need one security group per service account. I think this is not the right solution. This solution could be interesting in the case of a cluster, to be able to use the same service account on more than one machine. So the question is: is there a better way to create a service account so that one service account is used on one machine?
Thank you
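The same gMSA provisioning flow as in the post, written out as an added example (not code from the original post or from Microsoft's documentation), with the KDS root key prerequisite and the verification steps a practitioner would run on each side. It also goes beyond the single-host case: the group holds every node that may retrieve the password, and the comment on `-PrincipalsAllowedToRetrieveManagedPassword` notes that the parameter takes an ADPrincipal array, so a computer object can be passed there directly. All names (`SQLGMSA`, `SQLGMSAHosts`, `SQL01`, `SQL02`, `corp.example`, the OU path) are assumed placeholders.

```powershell
# Added example, not from the original post. All account, group, host and domain names
# below are assumed placeholders; substitute your own.

### On a domain controller (ActiveDirectory and Kds modules from RSAT)
Import-Module ActiveDirectory

# Prerequisite for any gMSA in the forest: a KDS root key. A freshly created key only
# becomes usable after the replication delay (about 10 hours) has passed.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveImmediately
}

# One security group holds every computer allowed to retrieve the managed password.
# For a single host it has one member; for a cluster it has each node.
New-ADGroup -Name 'SQLGMSAHosts' -GroupCategory Security -GroupScope Universal `
    -Path 'OU=ServiceAccounts,DC=corp,DC=example'
Add-ADGroupMember -Identity 'SQLGMSAHosts' -Members (Get-ADComputer 'SQL01'), (Get-ADComputer 'SQL02')

# Create the gMSA. -PrincipalsAllowedToRetrieveManagedPassword takes an ADPrincipal array,
# so a single computer object (e.g. Get-ADComputer 'SQL01') can be passed instead of a group
# when only one host needs the account.
New-ADServiceAccount -Name 'SQLGMSA' `
    -DNSHostName 'SQLGMSA.corp.example' `
    -PrincipalsAllowedToRetrieveManagedPassword 'SQLGMSAHosts' `
    -KerberosEncryptionType AES128, AES256

# Check what the directory recorded for the account.
Get-ADServiceAccount -Identity 'SQLGMSA' -Properties PrincipalsAllowedToRetrieveManagedPassword |
    Select-Object Name, DNSHostName, PrincipalsAllowedToRetrieveManagedPassword

### On each host that will run the service, after a reboot so the computer's Kerberos
### ticket carries the new group membership
Import-Module ActiveDirectory
Install-ADServiceAccount -Identity 'SQLGMSA'

# Returns $true only if this computer can retrieve the managed password. $false usually
# means the group membership is not yet in the host's ticket (reboot again) or the host
# is not among the allowed principals.
Test-ADServiceAccount -Identity 'SQLGMSA'
```

Run the first section once on a domain controller and the last section on every host listed in the group; `Test-ADServiceAccount` is the check worth running before pointing the SQL Server service at `CORP\SQLGMSA$`.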