Hi All,
A few questions regarding gMSA's. I've created the KDS Root Key and the AD Schema was already at a Server 2016 level (DC is on a Windows 2012 server). But checking AD, I do not have a Managed Service Accounts container, is this something that is created automatically? Or should I add it via ADSIEdit.
Also, running the command below always asks me to specify a location to create it. If I create the account in any container other than the Manager Service Accounts container, does that create and issue? Or is it ok?
New-ADServiceAccount -name $serviceaccountname -DNSHostName <dns-host-name> -PrincipalsAllowedToRetrieveManagedPassword <group>
I've added a -Path statement to the command, but didn't want to run in just in case the accounts need to be in the specified folder.
Thanks in advance