Forum Discussion
Solved
change directory service account to group managed service account
Hello currently we are using a regular AD account for this. We want to change this group managed service account. What is the process for changing the directory service account to a group managed se...
No need to reinstall the agents. Just create the gMSA in the domain, grant the computer accounts the permissions to retrieve its password, grant the gMSA the 'Logon as a service' privilege on the servers, and add the gMSA in the portal.
This is all documented in our docs:
https://docs.microsoft.com/en-us/defender-for-identity/directory-service-accounts#how-to-create-a-gmsa-account-for-use-with-defender-for-identity and https://docs.microsoft.com/en-us/defender-for-identity/install-step2
Martin_Schvartzman
Microsoft
MicrosoftNo need to reinstall the agents. Just create the gMSA in the domain, grant the computer accounts the permissions to retrieve its password, grant the gMSA the 'Logon as a service' privilege on the servers, and add the gMSA in the portal.
This is all documented in our docs:
https://docs.microsoft.com/en-us/defender-for-identity/directory-service-accounts#how-to-create-a-gmsa-account-for-use-with-defender-for-identity and https://docs.microsoft.com/en-us/defender-for-identity/install-step2