Solved

Managed Service Accounts Questiion

Posted on 2016-09-19
2
23 Views
Last Modified: 2016-10-08
What are the requirements for managed service accounts from the AD perspective?
Also, what should be the schema requirements?
Should there be at least (1) 2012 DC in the environment?
Does it only use that 2012 DC once it is established? Or all DCs in the environment?
0
Comment
Question by:IT_Admin XXXX
  • 2
2 Comments
 
LVL 1

Accepted Solution

by:
Silverwolf earned 500 total points (awarded by participants)
ID: 41805638
Managed Service Accounts was introduced in 2008 R2. So as long as the domain functional level is at least at 2008 R2, you can use them. Group Managed Service Accounts however, were introduced in 2012. For those, you need the domain functional level to be at 2012.

The catch with the domain functional level is that all DC's need to have at least that OS or higher. So for a domain functional level of 2008 R2, you could have 2 DC's. One with a 2008 R2 OS and the other with 2012 OS. They just can't be an earlier edition of OS. See the links below for more details.


Managed Service Accounts:  https://technet.microsoft.com/library/dd548356(v=ws.10).aspx
Group Managed Service Accounts:  https://blogs.technet.microsoft.com/askpfeplat/2012/12/16/windows-server-2012-group-managed-service-accounts/
Domain Functional Level Requirements:  https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspxhttps://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
0
 
LVL 1

Expert Comment

by:Silverwolf
ID: 41834903
Received this email:

 Hi Silverwolf,

The following question you participated in has been inactive for 14 days: Managed Service Accounts Questiion

No new comments can be added to the question. You can still help resolve it by choosing the comment(s) with the most merit and following the prompts to close the question.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question