Monday, December 1, 2014

Group Managed Service Account (gMSA) – Access Denied

I have seen a lot of questions on TechNet forums about Access Denied error when installing Group Managed Service Account (gMSA) using Install-ADServiceAccount PowerShell cmdlet. 

Install-ADServiceAccount : Cannot Install service account.  Error Message: ‘{Access Denied}

 

14

This error message can be little misleading if you are using proper administrative credentials.  If you are using a security group for your host servers (PrincipalsAllowedToRetrieveManagedPassword), you need ensure that this particular server is part of that security group.  If you have recently added this server to the group, you need to restart the server to get the updated group membership.  The service account cannot be installed on the server before verifying the group membership.

13 comments:

I am experiencing this problem, i have rebooted the Domain controller and once it has restarted, i have rebooted the two Member servers that i want to add the Service accounts on. When i start PowerShell run as administrator, using a domain Admin account. I get the above error message?

I ran into an issue all day where managed accounts would not install no matter what security group I set. Finally I realized by mistake:

Make sure that when you run New-ADServiceAccount you specify "-PrincipalsAllowedToRetrieveManagedPassword" and not "-PrincipalsAllowedToDelegateToAccount"

Using the Domain Administrator Account to run the query above and still the same error. Also WMI parameter error trying to add the account (Account is created but does not appear capable of service as a service account - doesn't show up in the AD when adding the account to SQL Server for example)

Here's what worked for me:
Run this after you create the new-adserviceaccount. Replace serverName with the name of the server you want to install the service account on. Be sure to include the $ at the end.
Set-ADServiceAccount -Identity nsFilePermSVC -PrincipalsAllowedToRetrieveManagedPassword serverName$

Cybersecurity starts with implementing perimeter network security configurations including firewall access rules, encrypted wireless networks, antivirus/antimalware and other traditional IT security best practices. You can also get managed it services washington dc if you want.

Quickbooks is the advanced accounting software to handle small and medium-sized businesses. Quickbooks Tool Hub is the compilation of all essential tools in one application. It can fix all common errors like password issues, installation errors, printing issues and PDF related errors.
Quickbooks Repair Tool

Yessssss, it is simple, elementary and always the case to restart !! THANK YOU.

I had to reboot server, then it worked.

Very nice post. Thanks for sharing the post. Best of Luck my dear friend. I like these kind of things .. I surely want something to contribute. is there any way for the same and check this too university assignment help -
online tutoring service
academic writing service

Andy2002 u da real mvp!

You actually make it look so easy with your performance but I find this matter to be actually something which I think I would never comprehend. It seems too complicated and extremely broad for me. I'm looking forward for your next post, I’ll try to get the hang of it! 온라인카지노

It is perfect time to make some plans for the future and it is time to be happy. I've read this post and if I could I desire to suggest you some interesting things or suggestions. Perhaps you could write next articles referring to this article. I want to read more things about it! 온라인카지노

You know your projects stand out of the herd. There is something special about them. It seems to me all of them are really brilliant! 온라인카지노

Post a Comment

Popular Posts

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More