Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Managed Service Accounts Questiion

Posted on 2016-09-19
2
Medium Priority
?
30 Views
Last Modified: 2016-10-08
What are the requirements for managed service accounts from the AD perspective?
Also, what should be the schema requirements?
Should there be at least (1) 2012 DC in the environment?
Does it only use that 2012 DC once it is established? Or all DCs in the environment?
0
Comment
Question by:IT_Admin XXXX
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 1

Accepted Solution

by:
Silverwolf earned 2000 total points (awarded by participants)
ID: 41805638
Managed Service Accounts was introduced in 2008 R2. So as long as the domain functional level is at least at 2008 R2, you can use them. Group Managed Service Accounts however, were introduced in 2012. For those, you need the domain functional level to be at 2012.

The catch with the domain functional level is that all DC's need to have at least that OS or higher. So for a domain functional level of 2008 R2, you could have 2 DC's. One with a 2008 R2 OS and the other with 2012 OS. They just can't be an earlier edition of OS. See the links below for more details.


Managed Service Accounts:  https://technet.microsoft.com/library/dd548356(v=ws.10).aspx
Group Managed Service Accounts:  https://blogs.technet.microsoft.com/askpfeplat/2012/12/16/windows-server-2012-group-managed-service-accounts/
Domain Functional Level Requirements:  https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspxhttps://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
0
 
LVL 1

Expert Comment

by:Silverwolf
ID: 41834903
Received this email:

 Hi Silverwolf,

The following question you participated in has been inactive for 14 days: Managed Service Accounts Questiion

No new comments can be added to the question. You can still help resolve it by choosing the comment(s) with the most merit and following the prompts to close the question.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question