jwilliams1490
Jul 29, 2021 | Copper Contributor
DirectoryServicesClient CreateLdapConnectionAsync failed to retrieve group managed service account
I created a gMSA on one of the DCs because the ADFS server could not communicate with the DCs themselves and I figured a service account wasn't cutting it. Now I am getting an error saying, "Director...
ytakeaki
Mar 22, 2023 | Copper Contributor
I got the same error too. I resolved it with the following settings.
https://learn.microsoft.com/en-US/defender-for-identity/directory-service-accounts
* Verify that the gMSA account has the required rights (if needed)
You have to check Group Policy:
Domain > Default Domain Policy
or
Domain > Domain Controllers > Default Domain Controllers Policy
or
other GPO settings
Check whether Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Log on as a service is set.
If the setting is configured, add the gMSA account to the list of accounts that can log on as a service in the Group Policy Management Editor.
After that, run gpupdate.
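
A read-only check for the step described in the reply above, added here as an example and not part of the original post: it exports the machine's user rights with secedit and reports whether the gMSA is listed for Log on as a service. The account name `mdiSvc01$` is a constructed placeholder, and only direct entries are checked (group membership is not expanded).

```powershell
# Run in an elevated PowerShell session on the server where the gMSA is used.
# 'mdiSvc01$' is a constructed placeholder; use your gMSA's sAMAccountName (ends in $).
$GmsaName = 'mdiSvc01$'

# Resolve the account to its SID, because secedit writes most entries as *S-1-5-...
$account = New-Object System.Security.Principal.NTAccount($GmsaName)
$gmsaSid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

# Export the user rights assignment as currently applied on this machine.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# "Log on as a service" is stored as: SeServiceLogonRight = entry,entry,...
$match = Select-String -Path $cfg -Pattern '^\s*SeServiceLogonRight\s*=' |
    Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue

if (-not $match) {
    Write-Output 'No SeServiceLogonRight entry was exported; the right has no explicit assignments here.'
}
else {
    # Split the right-hand side and normalise every entry to a SID string.
    $entries = (($match.Line -split '=', 2)[1] -split ',') |
        ForEach-Object { $_.Trim().TrimStart('*') } |
        Where-Object { $_ }

    $listedSids = foreach ($entry in $entries) {
        if ($entry -like 'S-1-*') {
            $entry
        }
        else {
            try {
                $nt = New-Object System.Security.Principal.NTAccount($entry)
                $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
            }
            catch {
                $entry   # keep names that cannot be resolved, as written
            }
        }
    }

    if ($listedSids -contains $gmsaSid) {
        Write-Output "$GmsaName ($gmsaSid) is listed for Log on as a service."
    }
    else {
        Write-Output "$GmsaName ($gmsaSid) is NOT listed directly; entries found: $($entries -join ', ')"
    }
}
```

Run it again after the GPO change and gpupdate to confirm the new assignment reached the machine.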