“Access Denied” when creating Managed Service Account using Powershell

 
Following Spencer Harbar’s advice when configuring the User Profile Synchronization Service in SharePoint 2010 I decided to use Managed Service Accounts in Windows 2008 R2, was hit with an issue striaght away.  I entered the command
 
>New-ADServiceAccount -name spcontent -AccountPassword(ConvertTo-SecureString -AsPlainText "{your password}" -Force) -Path "CN=Managed Service Accounts,DC=RIDGIANDM,DC=RIDGIAN,DC=CO,DC=UK"
 
which was correct, as far as I could tell, in an Administrator Powershell window after logging on as a domain administrator.  I instantly got hit with an "Access Denied".  WTF?  I ain’t got no more privileges to have!  Luckily as ever some chap had already come across the issue. 
 
This forum thread solves the problem which is (in case the thread is ever lost) turn off UAC for the duration when you are creating the Managed Service Acccounts.  This unfortunately means you hvae to reboot the machine you are logged onto, which in my case was the DC, so it pays to have more than one DC in your network …
 
UPDATE: After completing reading about Managed Service Accounts it looks like they ain’t suitable for farms and clusters, I’ve sought expert advice about this and hope to clarify sonnest.  In the meantime I’m going back to good old fashioned service accounts.
 
Cheers
Dave Mc
 
Advertisements

About davemcmahon81
Software Developer & Architect, User Group Leader, Speaker, Writer, Blogger, Occasional Guitarist, Man-made Global Warming Sceptic, Climate Change Believer, General Optimist but most of all proud Husband and Dad ...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: