Tuesday 26 March 2024

GMSA Account Creation

For SQL Server 2012 (Windows Server 2016), use a service account.
For SQL Server 2016 (Windows Server 2016), use a Group Managed Service Account (GMSA).
    • Steps to create the Group Managed Service Account:
      $Group="DB1"
      # Set to the SQL Server host's computer account (sAMAccountName, ending in "$")
      $HostName=""
      Import-Module ActiveDirectory
      # Security group whose members are allowed to retrieve the GMSA password
      New-ADGroup -Name $Group -SamAccountName $Group -GroupCategory Security -GroupScope Global -DisplayName "SQLServer GMSA Account" -Path "OU=Groups,OU=Windows 2016,OU=Ser,OU=ITDept,DC=dd,DC=aux,DC=intranet" -Description "Members of this group are SQL Server GMSA"
      # Add the SQL Server host to the group
      Add-ADGroupMember -Identity $Group -Members $HostName
      # Create the GMSA; only members of $Group can retrieve its managed password
      New-ADServiceAccount -Name $Group -DNSHostName "$Group.com.au" -PrincipalsAllowedToRetrieveManagedPassword $Group
    • Check with the Windows Team that the Group Managed Service Account has been added to the correct Group Policy.
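
To confirm the result of the steps above, the following added example (not part of the original post) lists every account that can actually retrieve the GMSA password and flags any that are not expected. `$Expected` and its host name `SQLHOST01$` are hypothetical placeholders, and `Get-UnexpectedRetriever` is a helper defined only for this example.

```powershell
# Added example: audit which accounts can retrieve the GMSA password.
Import-Module ActiveDirectory

$Group    = "DB1"             # GMSA / group name from the steps above
$Expected = @('SQLHOST01$')   # hypothetical: computer accounts meant to run SQL Server

# Helper defined for this example: accounts found in AD that are not expected.
function Get-UnexpectedRetriever {
    param([string[]]$Actual, [string[]]$Expected)
    @($Actual | Where-Object { $_ -and $_ -notin $Expected } | Sort-Object -Unique)
}

# Resolve each principal set on the GMSA; expand groups to their nested members.
$gmsa = Get-ADServiceAccount -Identity $Group `
    -Properties PrincipalsAllowedToRetrieveManagedPassword
$retrievers = foreach ($dn in $gmsa.PrincipalsAllowedToRetrieveManagedPassword) {
    $obj = Get-ADObject -Identity $dn -Properties sAMAccountName
    if ($obj.ObjectClass -eq 'group') {
        Get-ADGroupMember -Identity $dn -Recursive |
            Select-Object -ExpandProperty SamAccountName
    } else {
        $obj.sAMAccountName
    }
}

$extra   = Get-UnexpectedRetriever -Actual $retrievers -Expected $Expected
$missing = @($Expected | Where-Object { $_ -notin $retrievers })

if ($extra)   { Write-Warning "Can retrieve the password but not expected: $($extra -join ', ')" }
if ($missing) { Write-Warning "Expected but not able to retrieve: $($missing -join ', ')" }
if (-not $extra -and -not $missing) { "Retrieval scope matches the expected host list." }

# Run this last check on the SQL Server host itself: it returns True only
# when that host can use the GMSA.
Test-ADServiceAccount -Identity $Group
```

A host added to the group picks up the new membership only after its computer account gets a fresh Kerberos ticket, typically after a restart.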
