Monday, December 1, 2014

Group Managed Service Account (gMSA) – Access Denied

I have seen a lot of questions on TechNet forums about Access Denied error when installing Group Managed Service Account (gMSA) using Install-ADServiceAccount PowerShell cmdlet. 

Install-ADServiceAccount : Cannot Install service account.  Error Message: ‘{Access Denied}



This error message can be little misleading if you are using proper administrative credentials.  If you are using a security group for your host servers (PrincipalsAllowedToRetrieveManagedPassword), you need ensure that this particular server is part of that security group.  If you have recently added this server to the group, you need to restart the server to get the updated group membership.  The service account cannot be installed on the server before verifying the group membership.


I am experiencing this problem, i have rebooted the Domain controller and once it has restarted, i have rebooted the two Member servers that i want to add the Service accounts on. When i start PowerShell run as administrator, using a domain Admin account. I get the above error message?

I ran into an issue all day where managed accounts would not install no matter what security group I set. Finally I realized by mistake:

Make sure that when you run New-ADServiceAccount you specify "-PrincipalsAllowedToRetrieveManagedPassword" and not "-PrincipalsAllowedToDelegateToAccount"

Using the Domain Administrator Account to run the query above and still the same error. Also WMI parameter error trying to add the account (Account is created but does not appear capable of service as a service account - doesn't show up in the AD when adding the account to SQL Server for example)

Here's what worked for me:
Run this after you create the new-adserviceaccount. Replace serverName with the name of the server you want to install the service account on. Be sure to include the $ at the end.
Set-ADServiceAccount -Identity nsFilePermSVC -PrincipalsAllowedToRetrieveManagedPassword serverName$

Cybersecurity starts with implementing perimeter network security configurations including firewall access rules, encrypted wireless networks, antivirus/antimalware and other traditional IT security best practices. You can also get managed it services washington dc if you want.

Quickbooks is the advanced accounting software to handle small and medium-sized businesses. Quickbooks Tool Hub is the compilation of all essential tools in one application. It can fix all common errors like password issues, installation errors, printing issues and PDF related errors.
Quickbooks Repair Tool

Yessssss, it is simple, elementary and always the case to restart !! THANK YOU.

I had to reboot server, then it worked.

Post a Comment

Popular Posts


Twitter Delicious Facebook Digg Stumbleupon Favorites More