Creating a Managed Service Account

Applies To: Windows Server 2008 R2

This topic explains how to use the Active Directory module for Windows PowerShell to create a managed service account. Managed service accounts are used to run various services for applications that are operating in your domain environment.

Example 1

The following example demonstrates how to create a service account, SQL-SRV1, in the container Managed Service Accounts in the Fabrikam.com domain:

New-ADServiceAccount -Name SQL-SRV1 -Path "CN=Managed Service Accounts,DC=FABRIKAM,DC=COM"

Example 2

The following example demonstrates how to create a service account, SQL-SRV1, in the container Managed Service Accounts in the Fabrikam.com domain:

New-ADServiceAccount SQL-SRV1 -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) -Enabled $true -Path "CN=Managed Service Accounts,DC=FABRIKAM,DC=COM" -ServicePrincipalNames "MSSQLSVC/FABRIKAM-SRV1.FABRIKAM.COM:1456"

Additional information

You can use the following parameters when you set many of the common values that are associated with creating a managed service account:

• AccountNotDelegated

• Enabled

• HomePage

• ServicePrincipalNames

• TrustedForDelegation

For a full explanation of the parameters that you can pass to New-ADServiceAccount, at the Active Directory module command prompt, type Get-Help New-ADServiceAccount –detailed, and then press ENTER.