Forum Discussion
pugazhendhi
Sep 10, 2021
Brass Contributor
Test-AdServiceAccount getting result false
Test-AdServiceAccount -Identity gmsa_account
False
WARNING: Test failed for Managed Service Account gmsa_account. If standalone Managed Service Account, the account is linked to another comput...
pugazhendhi
Sep 13, 2021
Brass Contributor
How can we verify that?
We can see a successful result for other RODC servers?
The gMSA account is already added to "Log on as a service" in the Default Domain Controller Policy.
Any suggestions?
Martin_Schvartzman
Microsoft
Oct 19, 2021
You should run the following command:
Get-AdServiceAccount -Identity gmsa_account -Properties PrincipalsAllowedToRetrieveManagedPassword
and verify the specific computer account is in the PrincipalsAllowedToRetrieveManagedPassword list, or is a member of a group in the list.
The error message you get when running Test-AdServiceAccount suggests it's not in the list, so you should add it using the Set-AdServiceAccount cmdlet.
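The check described in the reply above, as an added example that is not part of the original post: it reports whether the computer is in the list directly or through a group, and previews the fix if it is not. It assumes the ActiveDirectory module is installed and that it is run on the host where the test fails; the variable names are illustrative.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$gmsaName     = 'gmsa_account'      # gMSA name used in the thread
$computerName = $env:COMPUTERNAME   # assumption: run on the host where Test-ADServiceAccount returns False

$gmsa     = Get-ADServiceAccount -Identity $gmsaName -Properties PrincipalsAllowedToRetrieveManagedPassword
$computer = Get-ADComputer -Identity $computerName

# Distinguished names currently allowed to retrieve the managed password (may be empty).
$allowed = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword | Where-Object { $_ })

# Look for the computer as a direct entry, or as a (nested) member of a listed group.
$match = foreach ($dn in $allowed) {
    $obj = Get-ADObject -Identity $dn
    if ($obj.DistinguishedName -eq $computer.DistinguishedName) {
        [pscustomobject]@{ Via = 'direct'; Principal = $dn }
    }
    elseif ($obj.ObjectClass -eq 'group') {
        $members = Get-ADGroupMember -Identity $dn -Recursive
        if ($members.DistinguishedName -contains $computer.DistinguishedName) {
            [pscustomobject]@{ Via = 'group'; Principal = $dn }
        }
    }
}

if ($match) {
    # Computer is already permitted; show which entry grants it.
    $match | Format-Table -AutoSize
}
else {
    Write-Warning "$computerName is not allowed to retrieve the password for $gmsaName."
    # Set-ADServiceAccount replaces the whole list, so pass the existing entries plus the new one.
    $newList = $allowed + $computer.DistinguishedName
    # -WhatIf only previews the change; remove it to apply.
    Set-ADServiceAccount -Identity $gmsaName -PrincipalsAllowedToRetrieveManagedPassword $newList -WhatIf
}
```

If access is granted through a group, a computer that was added to the group recently needs to refresh its Kerberos ticket (typically by rebooting) before Test-ADServiceAccount reflects the change.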