Skip to content

Commit 81427e6

Browse files
billmathbillmath
committed
updating
1 parent 480d8c1 commit 81427e6

File tree

1 file changed

+1
-38
lines changed

1 file changed

+1
-38
lines changed

articles/active-directory/cloud-sync/how-to-prerequisites.md

Lines changed: 1 addition & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -50,44 +50,7 @@ If you are creating a custom gMSA account, you need to ensure that the account h
5050

5151
For steps on how to upgrade an existing agent to use a gMSA account see [Group Managed Service Accounts](how-to-install.md#group-managed-service-accounts).
5252

53-
#### Create gMSA account with PowerShell
54-
You can use the following PowerShell script to create a custom gMSA account. Then you can use the [cloud sync gMSA cmdlets](how-to-gmsa-cmdlets.md) to apply more granular permissions.
55-
56-
```powershell
57-
# Filename: 1_SetupgMSA.ps1
58-
# Description: Creates and installs a custom gMSA account for use with Azure AD Connect cloud sync.
59-
#
60-
# DISCLAIMER:
61-
# Copyright (c) Microsoft Corporation. All rights reserved. This
62-
# script is made available to you without any express, implied or
63-
# statutory warranty, not even the implied warranty of
64-
# merchantability or fitness for a particular purpose, or the
65-
# warranty of title or non-infringement. The entire risk of the
66-
# use or the results from the use of this script remains with you.
67-
#
68-
#
69-
#
70-
#
71-
# Declare variables
72-
$Name = 'provAPP1gMSA'
73-
$Description = "Azure AD Cloud Sync service account for APP1 server"
74-
$Server = "APP1.contoso.com"
75-
$Principal = Get-ADGroup 'Domain Computers'
76-
77-
# Create service account in Active Directory
78-
New-ADServiceAccount -Name $Name `
79-
-Description $Description `
80-
-DNSHostName $Server `
81-
-ManagedPasswordIntervalInDays 30 `
82-
-PrincipalsAllowedToRetrieveManagedPassword $Principal `
83-
-Enabled $True `
84-
-PassThru
85-
86-
# Install the new service account on Azure AD Cloud Sync server
87-
Install-ADServiceAccount -Identity $Name
88-
```
89-
90-
For additional information on the cmdlets above, see [Getting Started with Group Managed Service Accounts](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj128431(v=ws.11)?redirectedfrom=MSDN).
53+
For more information on how to prepare your Active Directory for Group Managed Service account, see [Group Managed Service Accounts Overview](/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview).
9154

9255
### In the Azure Active Directory admin center
9356

0 commit comments

Comments
 (0)