Tuesday, 26 March 2024

GMSA Account Creation

For SQL Server 2012 (on Windows Server 2016), use a service account.
For SQL Server 2016 (on Windows Server 2016), use a Group Managed Service Account (GMSA).
    • Steps to create the Group Managed Service Account:
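      $Group="DB1"
      # Computer account of the SQL Server host (sAMAccountName, ending in "$"); blank in the original, fill in before running
      $HostName=""
      Import-Module ActiveDirectory
      # Security group whose members are allowed to retrieve the GMSA password
      New-ADGroup -Name $Group -SamAccountName $Group -GroupCategory Security -GroupScope Global -DisplayName "SQLServer GMSA Account" -Path "OU=Groups,OU=Windows 2016,OU=Ser,OU=ITDept,DC=dd,DC=aux,DC=intranet" -Description "Members of this group are SQL Server GMSA"
      # Add the SQL Server host to the group (once; a repeated call fails because the member already exists)
      Add-ADGroupMember -Identity $Group -Members $HostName
      # Create the GMSA; quote the DNS name so ".com.au" is not parsed as property access on $Group
      New-ADServiceAccount -Name $Group -DNSHostName "$($Group).com.au" -PrincipalsAllowedToRetrieveManagedPassword $Group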
    • Check with the Windows Team to confirm that the Group Managed Service Account has been added to the correct Group Policy.
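
An added example (not part of the original post) that audits which accounts can retrieve the GMSA password created above and then checks that the host can use it. `SQLHOST01$` is a hypothetical host name; `DB1` comes from the steps above.

```powershell
# Added example, not part of the original post.
Import-Module ActiveDirectory

$Group    = 'DB1'            # group and GMSA name used in the steps above
$Expected = @('SQLHOST01$')  # hypothetical: computer accounts that should have access

$gmsa = Get-ADServiceAccount -Identity $Group -Properties PrincipalsAllowedToRetrieveManagedPassword

# Expand each allowed principal to the individual accounts behind it.
$allowed = foreach ($dn in $gmsa.PrincipalsAllowedToRetrieveManagedPassword) {
    $principal = Get-ADObject -Identity $dn -Properties sAMAccountName
    if ($principal.ObjectClass -eq 'group') {
        Get-ADGroupMember -Identity $dn -Recursive | ForEach-Object {
            [pscustomobject]@{ Account = $_.SamAccountName; Class = $_.objectClass; Via = $principal.Name }
        }
    } else {
        [pscustomobject]@{ Account = $principal.sAMAccountName; Class = $principal.ObjectClass; Via = 'direct' }
    }
}

# Anything that is not an expected computer account can read the service password.
$unexpected = @($allowed | Where-Object { $_.Class -ne 'computer' -or $_.Account -notin $Expected })

if ($unexpected.Count -gt 0) {
    Write-Warning "Unexpected principals can retrieve the password for $Group"
    $unexpected | Format-Table -AutoSize
} else {
    Write-Output "Only expected hosts can retrieve the password for $Group"
}

# Run on the SQL Server host itself: returns True when this computer can
# retrieve the managed password. A computer picks up new group membership
# only after a restart (or a purge of its Kerberos tickets).
Test-ADServiceAccount -Identity $Group
```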
