Creating GMSA (Group Managed Service Account) using PS commands for ADFS Install

10 Sunday Mar 2019

Steps for creating GMSA

Open PS ISE as Administrator run >Add-KdsRootKey -EffectiveTime((get-date).AddHours(-10)) this will output a Guid this will generate a new root key in the Active Directory.
Create a new ADservice account using New-ADServiceAccount [GMSAName] -DNSHostName [adfs.idynamics.com] -ServicePrincipalNames http:/[adfs.idynamics.com]
Set SPN using setspn -s host/adfs.idynamics.com [idynamics]\[GMSAName]$

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

%d bloggers like this: