May 31 2022 08:03 AM
Hello
Currently we are using a regular AD account for this. We want to change this to a group managed service account. What is the process for changing the directory service account to a group managed service account? Do I need to reinstall the agents?
May 31 2022 09:05 AM
Solution
No need to reinstall the agents. Just create the gMSA in the domain, grant the computer accounts the permissions to retrieve its password, grant the gMSA the 'Logon as a service' privilege on the servers, and add the gMSA in the portal.
This is all documented in our docs:
https://docs.microsoft.com/en-us/defender-for-identity/directory-service-accounts#how-to-create-a-gm... and https://docs.microsoft.com/en-us/defender-for-identity/install-step2
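
The steps from the reply above, sketched in PowerShell as an added example that is not part of the original reply or of Microsoft's documentation. The account name, domain and server names are assumptions, and it presumes the ActiveDirectory module plus rights to create service accounts in the domain.

```powershell
# Added example. All names below are assumptions; replace them with your own.
Import-Module ActiveDirectory

$gmsaName = 'mdiSvc01'                  # hypothetical gMSA name
$dnsName  = "$gmsaName.example.test"    # placeholder domain
$sensors  = 'DC01', 'DC02'              # hypothetical servers running the sensor

# gMSA passwords are derived from a KDS root key; stop early if none exists.
if (-not (Get-KdsRootKey)) {
    throw 'No KDS root key found; create one before adding a gMSA.'
}

# 1. Create the gMSA and allow only the sensor computer accounts to
#    retrieve its managed password (keeps the retrieval list minimal).
$computers = $sensors | ForEach-Object { Get-ADComputer -Identity $_ }
New-ADServiceAccount -Name $gmsaName -DNSHostName $dnsName `
    -PrincipalsAllowedToRetrieveManagedPassword $computers

# 2. Review who can retrieve the password; anything unexpected here is a finding.
Get-ADServiceAccount -Identity $gmsaName `
    -Properties PrincipalsAllowedToRetrieveManagedPassword |
    Select-Object -ExpandProperty PrincipalsAllowedToRetrieveManagedPassword

# 3. Run on each sensor server: True means this computer can use the gMSA.
Test-ADServiceAccount -Identity $gmsaName

# 4. Run on each sensor server: check that 'Log on as a service'
#    (SeServiceLogonRight) is assigned to the gMSA. The right itself is
#    normally granted through Group Policy or local security policy.
$sid = (Get-ADServiceAccount -Identity $gmsaName).SID.Value
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -like 'SeServiceLogonRight*' }
Remove-Item $cfg
if ($line -like "*$sid*") {
    'gMSA is listed directly under SeServiceLogonRight'
} else {
    'gMSA SID not listed; check whether the right comes from a group it belongs to'
}

# 5. Add the gMSA as the directory service account in the portal (manual step).
```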