You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: includes/active-directory-cloud-sync-how-to-install.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,15 +35,15 @@ ms.custom: include file
35
35
>[!NOTE]
36
36
>If you are installing the provisioning agent for use with [on-premsise app provisioning](../articles/active-directory/app-provisioning/on-premises-application-provisioning-architecture.md) then select **On-premises application provisioning (Azure AD to application)**.
37
37
38
-
10. Sign in with your Azure AD global administrator account. If you have Internet Explorer enhanced security enabled, it will block the sign-in. If so, close the installation, [disable Internet Explorer enhanced security](/troubleshoot/developer/browsers/security-privacy/enhanced-security-configuration-faq), and restart the **Azure AD Connect Provisioning Agent Package** installation.
38
+
10. Sign in with your Azure AD global administrator or Hybrid Identity Administrator account. If you have Internet Explorer enhanced security enabled, it will block the sign-in. If so, close the installation, [disable Internet Explorer enhanced security](/troubleshoot/developer/browsers/security-privacy/enhanced-security-configuration-faq), and restart the **Azure AD Connect Provisioning Agent Package** installation.
39
39
40
40
:::image type="content" source="media/active-directory-cloud-sync-how-to-install/azure-ad-cloud-sync-sign-in-to-azure.png" alt-text="Screenshot of the Connect Azure AD screen." lightbox="media/active-directory-cloud-sync-how-to-install/azure-ad-cloud-sync-sign-in-to-azure.png":::
41
41
42
42
43
-
11. On the **Configure Service Account** screen, select a group Managed Service Account (gMSA). This account is used to run the agent service. If a managed service account is already configured in your domain, you might skip this screen. If prompted, choose either:
43
+
11. On the **Configure Service Account** screen, select a group Managed Service Account (gMSA). This account is used to run the agent service. If a managed service account is already configured in your domain by another agent and you are installing a second agent, you should select **Create gMSA** as the system will detect the existing account and add the required permissions for the new agent to use the gMSA account. When prompted, choose either:
44
44
45
-
-**Create gMSA** which lets the agent create the **provAgentgMSA$** managed service account for you. The group managed service account (for example, CONTOSO\provAgentgMSA$) will be created in the same Active Directory domain where the host server has joined. To use this option, enter the Active Directory domain administrator credentials.
46
-
-**Use custom gMSA** and provide the name of the managed service account.
45
+
-**Create gMSA** which lets the agent create the **provAgentgMSA$** managed service account for you. The group managed service account (for example, CONTOSO\provAgentgMSA$) will be created in the same Active Directory domain where the host server has joined. To use this option, enter the Active Directory domain administrator credentials (recommended).
46
+
-**Use custom gMSA** and provide the name of the managed service account that you have manually created for this task.
47
47
48
48
To continue, select **Next**.
49
49
@@ -53,7 +53,7 @@ ms.custom: include file
53
53
54
54
55
55
56
-
13. Sign in with your Active Directory domain administrator account. The domain administrator account shouldn't have password change requirements. In case the password expires or changes, you'll need to reconfigure the agent with the new credentials. This operation will add your on-premises directory. Select **OK**, then select **Next** to continue.
56
+
13. Sign in with your Active Directory domain administrator account. The domain administrator account shouldn't have an expired password. In case the password is expired or changes during agent install, you'll need to reconfigure the agent with the new credentials. This operation will add your on-premises directory. Select **OK**, then select **Next** to continue.
57
57
58
58
:::image type="content" source="media/active-directory-cloud-sync-how-to-install/azure-ad-cloud-sync-sign-in-to-active-directory.png" alt-text="Screenshot that shows how to enter the domain admin credentials." lightbox="media/active-directory-cloud-sync-how-to-install/azure-ad-cloud-sync-sign-in-to-active-directory.png":::
0 commit comments