vmich
asked on
Steps for setting up service accounts in AD
I was wondering if there is a good document out there with the steps for setting up Service Accounts in AD?
We have some servers that have services that are using domain admin accounts and we want to replace these accounts with service accounts.
Create a user account with a unique name so that the service it was created for can be identified by name
Set the password to never expire
Set the service account password to a complex one so that it cannot easily be identified, and put it in a lockbox / file
Do not share the password with anybody
Create an FGPP and set the account lockout threshold to something like 50 / 100 etc. so that the account won't be locked out easily by an intruder's guesses. Finally, apply this FGPP to the service account or the AD group containing the service accounts
Finally, grant those service accounts the "log on as a service" right on the servers where you are deploying them
These are guidelines, I feel; someone else might give you more hints
Not exactly sure which software you are using with the service accounts. But you could use PowerShell for this.
First, to make the account:
New-ADServiceAccount (Docs)
Then modify the settings for the account:
Set-ADServiceAccount (Docs)
Then install the service account as needed:
Install-ADServiceAccount (Docs)
Hopefully these docs and commands help you out!
Devin Becker
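
The three cmdlets named in the answer above, used end to end for a group managed service account (gMSA), with a first step that lists the services still running under a domain account. This is an added example, not part of the original post. The domain (contoso.com / CONTOSO), account name (svc-docs), server (APP01) and group (gMSA-Docs-Hosts) are assumed placeholders, and the group is assumed to exist already and contain the server's computer account.

```powershell
# Added example. All names below are assumed placeholders, not values from the thread.
Import-Module ActiveDirectory

$Name      = 'svc-docs'          # assumed: one account per service, named after it
$Domain    = 'contoso.com'       # assumed DNS domain name
$NetBios   = 'CONTOSO'           # assumed NetBIOS domain name
$HostGroup = 'gMSA-Docs-Hosts'   # assumed AD group of servers allowed to use the account

# 0. On the server: list services that still log on with a domain account,
#    to find the ones that need to be moved off the domain admin account.
Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -like "$NetBios\*" } |
    Select-Object Name, StartName, State

# 1. On a management host with the AD module: gMSAs need a KDS root key
#    in the forest. This is a one-time step.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey   # by default usable about 10 hours after creation
}

# 2. Create the account. AD generates and rotates the password, and only
#    members of $HostGroup may retrieve it, so nobody has to store or share it.
New-ADServiceAccount -Name $Name `
    -DNSHostName "$Name.$Domain" `
    -PrincipalsAllowedToRetrieveManagedPassword $HostGroup `
    -KerberosEncryptionType AES128, AES256

# 3. Modify settings afterwards, for example to record what the account is for.
Set-ADServiceAccount -Identity $Name `
    -Description 'Docs service on APP01; replaces domain admin logon'

# 4. On the server itself (restart it after adding it to $HostGroup so the
#    new group membership is picked up): install and verify the account.
Install-ADServiceAccount -Identity $Name
if (-not (Test-ADServiceAccount -Identity $Name)) {
    throw "$Name cannot be used on this host; check membership of $HostGroup."
}

# 5. In the service's Log On settings, enter CONTOSO\svc-docs$ (note the
#    trailing $) and leave the password fields blank.
```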