SOLVED

change directory service account to group managed service account

Occasional Contributor

Hello

currently we are using a regular AD account for this. We want to change this group managed service account. What is the process for changing the directory service account to a group managed service account? Do i need to reinstall the agents ?

1 Reply
best response confirmed by skipster311-175 (Occasional Contributor)
Solution

@skipster311-175 

No need to reinstall the agents. Just create the gMSA in the domain, grant the computer accounts the permissions to retrieve its password, grant the gMSA the 'Logon as a service' privilege on the servers, and add the gMSA in the portal.

This is all documented in our docs: 

https://docs.microsoft.com/en-us/defender-for-identity/directory-service-accounts#how-to-create-a-gm... and https://docs.microsoft.com/en-us/defender-for-identity/install-step2