In this hands-on lab, you will learn how to create and deploy a group Managed Service Account.
Successfully complete this lab by achieving the following learning objectives:
- Configure the Environment
Log in to both VMs and then join the
- Configure the KDS Root Key
Next, we need to configure our KDS root key.
Helpful Hint: Keep in mind that you have to set it back 10 hours or it won’t take effect when you need it to.
- Create a Global Group
Create a global group named
SandyGroupand add both servers into this group.
- Create a New gMSA
We are ready to create the group Managed Service Account. In this objective, create a gMSA and include
SandyGroupas the principal allowed to retrieve the managed password.
- Test the gMSA
Finally, we will test the gMSA by creating a task in the scheduler that opens
Notepad.exeusing the gMSA instead of standard computer privileges.