Solved

Managed Service Accounts Questiion

Posted on 2016-09-19
2
27 Views
Last Modified: 2016-10-08
What are the requirements for managed service accounts from the AD perspective?
Also, what should be the schema requirements?
Should there be at least (1) 2012 DC in the environment?
Does it only use that 2012 DC once it is established? Or all DCs in the environment?
0
Comment
Question by:IT_Admin XXXX
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 1

Accepted Solution

by:
Silverwolf earned 500 total points (awarded by participants)
ID: 41805638
Managed Service Accounts was introduced in 2008 R2. So as long as the domain functional level is at least at 2008 R2, you can use them. Group Managed Service Accounts however, were introduced in 2012. For those, you need the domain functional level to be at 2012.

The catch with the domain functional level is that all DC's need to have at least that OS or higher. So for a domain functional level of 2008 R2, you could have 2 DC's. One with a 2008 R2 OS and the other with 2012 OS. They just can't be an earlier edition of OS. See the links below for more details.


Managed Service Accounts:  https://technet.microsoft.com/library/dd548356(v=ws.10).aspx
Group Managed Service Accounts:  https://blogs.technet.microsoft.com/askpfeplat/2012/12/16/windows-server-2012-group-managed-service-accounts/
Domain Functional Level Requirements:  https://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspxhttps://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
0
 
LVL 1

Expert Comment

by:Silverwolf
ID: 41834903
Received this email:

 Hi Silverwolf,

The following question you participated in has been inactive for 14 days: Managed Service Accounts Questiion

No new comments can be added to the question. You can still help resolve it by choosing the comment(s) with the most merit and following the prompts to close the question.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question