While deploying AD RMS today, a separate service account had to be created for RMS, which brings to mind a feature that was new in Server 2008 R2: the managed service account. First, let's find out what it is.
Managed service account: Managing the password of a domain user account that runs a service is cumbersome, and the managed service account (MSA) emerged to address that. A managed service account is an account whose management is entrusted to the operating system. The password for an MSA is set and maintained automatically by the operating system and updated periodically, without manual intervention by the administrator, as if the account did not have a password.
The role of the managed service account (MSA)
Managed service accounts isolate services from each other, each with its own automatic password management
Reduce service outages, thereby reducing TCO
Use a single managed service account per service or per server (a managed service account cannot be shared by multiple computers)
Better SPN management at the Windows Server 2008 R2 domain functional level (allow server renaming of service accounts)
To get to know the managed service account, let's create an RMS service account!
1. Create the MSA account:
Log on to the DC, open PowerShell as Administrator, and run New-ADServiceAccount to create the service account.
2. Install the MSA account
Once the account is created, you can install it. A managed service account is installed on a Windows Server 2008 R2 member server or on a Windows 7 client computer; in my environment, RMS is deployed on a Server 2012 domain member server.
Open PowerShell as an administrator and run the Install-ADServiceAccount command.
3. Assign the MSA account to a service
Open the Service Control Manager, expand Configuration > Services, double-click the service you want to configure in the right pane, and on the Log On tab select "This account" > "Browse", navigate to the previously created MSA account, and click OK. The service then runs under the MSA account.
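The three steps above as PowerShell, an added example that is not part of the original post. It assumes the ActiveDirectory module from Windows Server 2012 or later (where -RestrictToSingleComputer selects a standalone MSA); svcRMS, RMS01 and ExampleSvc are hypothetical names, and step 3 is only verified here, not performed.

```powershell
# Added example. All account, host and service names are hypothetical.
# Assumes the ActiveDirectory module from Windows Server 2012 or later.
Import-Module ActiveDirectory

# Step 1 (run on the DC): create a standalone MSA and link it to ONE computer.
function New-StandaloneMsa {
    param([Parameter(Mandatory)][string]$Msa,
          [Parameter(Mandatory)][string]$Server)
    # -RestrictToSingleComputer creates a standalone MSA, not a group MSA.
    New-ADServiceAccount -Name $Msa -RestrictToSingleComputer -Enabled $true
    Add-ADComputerServiceAccount -Identity $Server -ServiceAccount $Msa
    # Show which host(s) the account is linked to; expect exactly one.
    Get-ADServiceAccount -Identity $Msa -Properties HostComputers |
        Select-Object Name, Enabled, HostComputers
}

# Step 2 (run on the member server): install the MSA and confirm it works.
function Install-StandaloneMsa {
    param([Parameter(Mandatory)][string]$Msa)
    Install-ADServiceAccount -Identity $Msa -ErrorAction Stop
    # Test-ADServiceAccount returns $true when this host can use the account.
    if (-not (Test-ADServiceAccount -Identity $Msa)) {
        throw "MSA '$Msa' is installed but not usable on $env:COMPUTERNAME."
    }
    $true
}

# After step 3 (done in the GUI): check the service really logs on as the MSA.
function Test-ServiceLogon {
    param([Parameter(Mandatory)][string]$ServiceName,
          [Parameter(Mandatory)][string]$Msa)
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found." }
    # An MSA logon name ends in '$', e.g. DOMAIN\svcRMS$.
    $ok = $svc.StartName -like "*\$Msa`$"
    if (-not $ok) {
        Write-Warning "$ServiceName runs as '$($svc.StartName)', not $Msa`$."
    }
    $ok
}

# Usage (hypothetical names):
#   On the DC:            New-StandaloneMsa -Msa svcRMS -Server RMS01
#   On the member server: Install-StandaloneMsa -Msa svcRMS
#   After step 3:         Test-ServiceLogon -ServiceName ExampleSvc -Msa svcRMS
```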