我通过运行命令New-ADServiceAccount创建分组托管服务帐户gMSA,并指定-PrincipalsAllowedToRetrieveManagedPassword 。 在创建的那一刻,我能够在计算机上使用gMSA,该计算机被指定为-PrincipalsAllowedToRetrieveManagedPassword 。
Install-ADServiceAccount的目的是什么? 我找到了许多人们说要运行它的博客,但没有人解释为什么要这样做。
我没有这样做,一切正常。
I create grouped managed service account gMSA by running command New-ADServiceAccount and I specify -PrincipalsAllowedToRetrieveManagedPassword. At the very moment of creation I am able to use gMSA on computer which is specified as -PrincipalsAllowedToRetrieveManagedPassword.
What is the purpose of Install-ADServiceAccount? I have found many blogs where people say to run it but nobody explains reason why to do it.
I am not doing it and everything works fine.
最满意答案
Install-ADServiceAccount用于将MSA安装/链接到计算机,以便可以使用它。 这是必需的,因为MSA与计算机具有一对一的关系。 它不适用于可以共享的gMSA。 gMSA仅要求您使用New-/Set-ADServiceAccount设置权限
如何使用gMSA: https ://technet.microsoft.com/en-us/library/jj128431.aspx
Install-ADServiceAccount is used for installing/linking an MSA to the computer so it's available to be used. This is needed because MSA have a one-to-one relationship with a computer. It does not apply to gMSA which can be shared. gMSA only require you to set the permissions using New-/Set-ADServiceAccount
How to use gMSA: https://technet.microsoft.com/en-us/library/jj128431.aspx
更多推荐
发布评论