I have seen a lot of questions on TechNet forums about Access Denied error when installing Group Managed Service Account (gMSA) using Install-ADServiceAccount PowerShell cmdlet.

Install-ADServiceAccount : Cannot Install service account.  Error Message: ‘{Access Denied}

 

14

This error message can be little misleading if you are using proper administrative credentials.  If you are using a security group for your host servers (PrincipalsAllowedToRetrieveManagedPassword), you need ensure that this particular server is part of that security group.  If you have recently added this server to the group, you need to restart the server to get the updated group membership.  The service account cannot be installed on the server before verifying the group membership.

http://www.amazon.com/dp/1849687447/?tag=packtpubli-20
Categories: AzureMicrosoftServer

Related Posts

Microsoft

Azure – Your account is temporarily locked to prevent unauthorized use

Here is the another common error message when dealing with directory and password synchronization.  Error Message: Your account is temporarily locked to prevent unauthorized use. Try again later. Contact Customer Support if the problem persists Read more…

Microsoft

Verify Service Status Remotely Using Local Account – PowerShell Script

I have modified one of my previously published script – Stop, Start, Disable Service Remotely–PowerShell Script (http://portal.sivarajan.com/2011/05/stop-start-disable-service.html) to use Local account (instead of a domain account) to verify the status of the service.   Input Read more…

Microsoft

Collect Computer Information From Active Directory– PowerShell Script

This PowerShell script can be used to collect computer information from Active Directory.   I am searching only Windows XP and Windows 7 machines.  You can update these values  by modifying $OS1 and $OS2 variables. $OS1 Read more…