change directory service account to group managed service account
Hello,
Currently we are using a regular AD account for this. We want to change this to a group managed service account. What is the process for changing the directory service account to a group managed service account? Do I need to reinstall the agents?
1 Reply
- Martin_Schvartzman
Microsoft
No need to reinstall the agents. Just create the gMSA in the domain, grant the computer accounts the permissions to retrieve its password, grant the gMSA the 'Logon as a service' privilege on the servers, and add the gMSA in the portal.
This is all documented in our docs:
https://docs.microsoft.com/en-us/defender-for-identity/directory-service-accounts#how-to-create-a-gmsa-account-for-use-with-defender-for-identity and https://docs.microsoft.com/en-us/defender-for-identity/install-step2
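
The steps in the reply above, as an added PowerShell example that is not part of the original post or the linked Microsoft docs. The account, group and host names are constructed placeholders, and `Test-GmsaReady` is a hypothetical helper for checking each sensor host before the gMSA is added in the portal.

```powershell
# Added example; all names below are constructed placeholders.
Import-Module ActiveDirectory

$GmsaName    = 'mdiSvc01'          # hypothetical gMSA name
$GroupName   = 'mdiSvc01-Hosts'    # hypothetical group holding the sensor hosts
$SensorHosts = 'DC01', 'DC02'      # hypothetical servers running the sensor

# gMSA passwords are derived from a KDS root key; one must exist in the forest.
if (-not (Get-KdsRootKey)) { throw 'No KDS root key found; create one first.' }

# 1. Create the gMSA. Only members of the group may retrieve its password,
#    so the group should contain the sensor hosts and nothing else.
$group = New-ADGroup -Name $GroupName -GroupScope Global -PassThru
$SensorHosts | ForEach-Object {
    Add-ADGroupMember -Identity $group -Members (Get-ADComputer -Identity $_)
}
New-ADServiceAccount -Name $GmsaName `
    -DNSHostName "$GmsaName.$env:USERDNSDOMAIN" `
    -PrincipalsAllowedToRetrieveManagedPassword $group

# 2. Grant the gMSA 'Log on as a service' on the sensor hosts, for example via
#    Group Policy: Computer Configuration > Policies > Windows Settings >
#    Security Settings > Local Policies > User Rights Assignment.

# 3. Run on each sensor host after a reboot (or 'klist purge -li 0x3e7') so the
#    computer account picks up its new group membership.
function Test-GmsaReady {
    param([Parameter(Mandatory)][string]$Name)
    $sid = (Get-ADServiceAccount -Identity $Name).SID.Value
    # True when this computer is able to retrieve the managed password.
    $canRetrieve = Test-ADServiceAccount -Identity $Name
    # Export the effective user-rights assignments and look for the gMSA SID.
    # A right granted through a group the gMSA belongs to will not match here.
    $cfg = Join-Path $env:TEMP 'user_rights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $right = Select-String -Path $cfg -Pattern '^SeServiceLogonRight' |
        Select-Object -First 1
    Remove-Item -Path $cfg
    [pscustomobject]@{
        Host                = $env:COMPUTERNAME
        CanRetrievePassword = [bool]$canRetrieve
        LogonAsService      = [bool]($right -and $right.Line -match [regex]::Escape($sid))
    }
}
Test-GmsaReady -Name $GmsaName

# 4. Add the gMSA as the directory service account in the portal.
```

Both properties should read `True` on every sensor host before the old AD account is removed from the portal.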