How to create a Managed Service Account
New since Win2k8 R2
Instead of using User Accounts for services you can create Managed Service Accounts now. The advantage is that it also changes the password every 30 days automatically like in the computer accounts. You can find the managed user accounts here:
Active Directory User and Computers\Managed Service Accounts
1. Run Active Directory Module for PowerShell
2. Add-KDSRootKey
For LAB Environment to not wait the 10 hours to repliacte type instead:
Add-KDSRootKey –EffectiveTime ((Get-Date).AddHours(-10))
2. New-ADServiceAccount –Name WebTest –DNSHostname servername –Passthru
Without –Passtrhu you don’t have any feedback
3. Add-ComputerServiceAccount –identity web01 –ServiceAccount WebTest –Passthru
You can check the settings in more details if you run adsiedit.msc.
Now you can use this service for example for services.
1. Run services.msc
2. Right Click on a Service\Properties\Log On\
This Account:
domain\yourcreatedaccount$
3. You don’t need to put a password
admin on July 15th 2013 in Windows Server