Install an Active Directory service account on a computer.

      Install-ADServiceAccount [-Identity] ADServiceAccount
         [-Force] [-AuthType {Negotiate | Basic}]
            [-Confirm] [-WhatIf] [CommonParameters]

   -AuthType {Negotiate | Basic}
       The authentication method to use: Negotiate (or 0), Basic (or 1)
       A Secure Sockets Layer (SSL) connection is required for Basic authentication.


   -Identity ADServiceAccount
       An AD service account object, specified with one of the following values.
       (The identifier in parentheses is the LDAP display name for the attribute.)

          Distinguished Name 
            Example: CN=WebAccount,CN=ManagedServiceAccounts, DC=corp,DC=SS64,DC=com 
          GUID (objectGUID) 
            Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
          Security Identifier (objectSid) 
            Example: S-1-5-21-3165297888-301567370-576410423-1103
          Security Accounts Manager (SAM) Account Name (sAMAccountName)
            Example: WebAccount$

       The cmdlet searches the default naming context or partition to find the object.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       This parameter can also get this object through the pipeline or you can set this
       parameter to an object instance.

       This example shows how to set the parameter to a distinguished name.
          -Identity  "CN=WebAccount,CN=ManagedServiceAccounts,DC=corp,DC=SS64,DC=com"

       This example shows how to set this parameter to a group object instance named "accountInstance".
          -Identity $accountInstance

       Prompt for confirmation before executing the command.

       Describe what would happen if you executed the command, without actually executing the command.

       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
       -OutBuffer -OutVariable.

Install-ADServiceAccount installs an existing AD service account on the computer on which the cmdlet is run.

MSA’s can run one (or more) services on one specific computer.

  1. Create the MSA in AD. (New-ADServiceAccount)
  2. Associate the MSA with a computer in AD. (Add-ADComputerServiceAccount )
  3. Install the MSA on the computer that was associated. (Install-ADServiceAccount)
  4. Configure the service(s) to use the MSA.

Install-ADServiceAccount verifies that the computer is eligible to host the service account. The cmdlet also makes the required changes locally so that the service account password can be periodically reset by the computer without requiring any user action.

The -Identity parameter specifies the Active Directory service account to install. Identify a service account by its distinguished name Members (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the parameter to a service account object variable, or pass a service account object through the pipeline. For example, from Get-ADServiceAccount.


Install a Service Account named 'svc64' on the local computer:

PS C:\> Install-ADServiceAccount -Identity 'svc64'

Get a Service Account named 'svc64' from the default directory and install it on the local machine.:

PS C:\> $acct = Get-ADServiceAccount -Filter { Name -eq 'svc64'}
PS C:\> Install-ADServiceAccount $acct

“If you want to know the end, look at the beginning” ~ African Proverb


Get-adServiceAccount - Get one or more AD service accounts
New-adServiceAccount - Create a new AD service account
Set-adServiceAccount - Modify an AD service account
Uninstall-adServiceAccount - UnInstall an AD service account from a computer
Active Directory Management Gateway Service - Required to manage AD Domain Services with PowerShell.
Service Accounts Step-by-Step Guide - Configure and administer Managed Service Accounts in Windows 2008.

Copyright © 1999-2018
Some rights reserved