My April’s post about Managed Service Accounts had highest audience at my blog so far. Thanks for that! Chris Wright mentioned that he is working on GUI utility which would make MSA’s creation much easier (at least for guys not being so familiar with PowerShell).
I took a closer look at his utility. It’s in beta stage so far but looks more than promising. Utility is for free downloading at Chris’ blog. After installation open the app through link in start menu. You will see list of all your MSA at your current domain:
Creation of MSA is easy, just click New and fill in name of your new MSA, container and optionally SPNs:
After creation you will be asked for computer to link with created MSA:
Because Chris’ GUI tool is still in beta stage you will have to install account at target computer by PowerShell. For instruction check my April blog post.
During testing I run into Access denied error message when account was being created. Together with Chris we were trying to figure out what is causing that error message but were unsuccessful and unable to reproduce the error at Chris’ environment. As a workaround I had to launch the app as builtin domain administrator. Chris mentioned that some actions like deleting an account had to be run with elevated privileges.
I would like to thank Chris for his app which will make MSA creation much easier and more user friendly. I will look forward to stable version.