Monday, December 1, 2014

Group Managed Service Account (gMSA) – Access Denied

I have seen a lot of questions on TechNet forums about Access Denied error when installing Group Managed Service Account (gMSA) using Install-ADServiceAccount PowerShell cmdlet. 

Install-ADServiceAccount : Cannot Install service account.  Error Message: ‘{Access Denied}

 

14

This error message can be little misleading if you are using proper administrative credentials.  If you are using a security group for your host servers (PrincipalsAllowedToRetrieveManagedPassword), you need ensure that this particular server is part of that security group.  If you have recently added this server to the group, you need to restart the server to get the updated group membership.  The service account cannot be installed on the server before verifying the group membership.

1 comments:

I am experiencing this problem, i have rebooted the Domain controller and once it has restarted, i have rebooted the two Member servers that i want to add the Service accounts on. When i start PowerShell run as administrator, using a domain Admin account. I get the above error message?

Post a Comment

Popular Posts

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More