Forum Discussion
pugazhendhi
Brass Contributor
Sep 10, 2021
Test-AdServiceAccount getting result false
Test-AdServiceAccount -Identity gmsa_account
False
WARNING: Test failed for Managed Service Account gmsa_account. If standalone Managed Service Account, the account is linked to another comput...
EliOfek
Microsoft
Sep 11, 2021
Make sure the machine account has permissions to retrieve the gMSA password.
If you open a support call, support can help with that.
pugazhendhi
Brass Contributor
Sep 13, 2021
How can we verify that?
We can see a successful result for other RODC servers?
The gMSA account is already added to "Log on as a service" in the Default Domain Controller Policy.
Any suggestions?
- Martin_Schvartzman
Microsoft
Oct 19, 2021
You should run the following command:
Get-AdServiceAccount -Identity gmsa_account -Properties PrincipalsAllowedToRetrieveManagedPassword
and verify the specific computer account is in the PrincipalsAllowedToRetrieveManagedPassword list, or is a member of a group in the list.
The error message you get when running Test-AdServiceAccount suggests it's not in the list, so you should add it using the Set-AdServiceAccount cmdlet.
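The check described in the reply above, written out as an added example (not part of the original replies): it reports whether a computer account is allowed to retrieve the gMSA password directly or through a nested group, and previews the fix if it is not. `RODC01` is a placeholder for the failing host, and `-WhatIf` is kept so nothing changes until it is removed.

```powershell
# Added example. 'gmsa_account' comes from the thread; 'RODC01' is a placeholder.
Import-Module ActiveDirectory

$gmsaName     = 'gmsa_account'
$computerName = 'RODC01'   # placeholder: host where Test-ADServiceAccount returns False

$gmsa     = Get-ADServiceAccount -Identity $gmsaName -Properties PrincipalsAllowedToRetrieveManagedPassword
$computer = Get-ADComputer -Identity $computerName

# The property holds distinguished names of the principals allowed to read the password.
$allowed = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword | Where-Object { $_ })

# For each allowed principal: is it the computer itself, or a group that contains it?
$grantedVia = foreach ($dn in $allowed) {
    $principal = Get-ADObject -Identity $dn
    if ($principal.DistinguishedName -eq $computer.DistinguishedName) {
        "direct entry: $dn"
    }
    elseif ($principal.ObjectClass -eq 'group') {
        # -Recursive flattens nested groups, so indirect membership is caught too.
        $members = Get-ADGroupMember -Identity $dn -Recursive
        if ($members.DistinguishedName -contains $computer.DistinguishedName) {
            "member of group: $dn"
        }
    }
}

if ($grantedVia) {
    Write-Output "$computerName may retrieve the password for ${gmsaName}:"
    $grantedVia
}
else {
    Write-Warning "$computerName is not in PrincipalsAllowedToRetrieveManagedPassword for $gmsaName."
    # Set-ADServiceAccount replaces the whole list, so pass the existing
    # entries together with the new computer account, not the new one alone.
    $newList = $allowed + $computer.DistinguishedName
    Set-ADServiceAccount -Identity $gmsaName -PrincipalsAllowedToRetrieveManagedPassword $newList -WhatIf
}
```

If access is granted by adding the computer to a group instead, the computer has to restart (or otherwise refresh its Kerberos tickets) before the new membership takes effect and Test-ADServiceAccount returns True.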