Solved

Managed Service Accounts Questiion

Posted on 2016-09-19
2
21 Views
Last Modified: 2016-10-08
What are the requirements for managed service accounts from the AD perspective?
Also, what should be the schema requirements?
Should there be at least (1) 2012 DC in the environment?
Does it only use that 2012 DC once it is established? Or all DCs in the environment?
0
Comment
Question by:IT_Admin XXXX
  • 2
2 Comments
 
LVL 1

Accepted Solution

by:
Silverwolf earned 500 total points (awarded by participants)
ID: 41805638
Managed Service Accounts was introduced in 2008 R2. So as long as the domain functional level is at least at 2008 R2, you can use them. Group Managed Service Accounts however, were introduced in 2012. For those, you need the domain functional level to be at 2012.

The catch with the domain functional level is that all DC's need to have at least that OS or higher. So for a domain functional level of 2008 R2, you could have 2 DC's. One with a 2008 R2 OS and the other with 2012 OS. They just can't be an earlier edition of OS. See the links below for more details.


Managed Service Accounts:  https://technet.microsoft.com/library/dd548356(v=ws.10).aspx
Group Managed Service Accounts:  https://blogs.technet.microsoft.com/askpfeplat/2012/12/16/windows-server-2012-group-managed-service-accounts/
Domain Functional Level Requirements:  https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspxhttps://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
0
 
LVL 1

Expert Comment

by:Silverwolf
ID: 41834903
Received this email:

 Hi Silverwolf,

The following question you participated in has been inactive for 14 days: Managed Service Accounts Questiion

No new comments can be added to the question. You can still help resolve it by choosing the comment(s) with the most merit and following the prompts to close the question.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now