Commit 1e0324c

Fix active directory service account
1 parent d2077f0 commit 1e0324c

1 file changed

+5
-7
lines changed

defender-for-identity/deploy/create-directory-service-account-gmsa.md

Lines changed: 5 additions & 7 deletions
@@ -1,6 +1,6 @@
11
---
22
title: Configure a gMSA directory service account for Defender for Identity
3-
description: Create and configure a group managed service account (gMSA) for use as the Directory Service account in Microsoft Defender for Identity.
3+
description: Create and configure a group managed service account (gMSA) for use as the Directory service account in Microsoft Defender for Identity.
44
ms.date: 10/12/2025
55
ms.topic: how-to
66
ms.reviewer: rlitinsky
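Review bot: the description at new line 3 now writes "Directory service account" with a capital D mid-sentence, while the title on line 2 still has "gMSA directory service account" in lowercase, so the front matter carries two casings of the same term. Pick one form for both fields; if "Directory service account" is the intended product term, update the title in this commit as well.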
@@ -35,17 +35,15 @@ This article describes how to create a [group managed service account (gMSA)](/w
3535

3636
## Create the gMSA account
3737

38-
3938
1. If you've never used a gMSA account before, you might need to generate a new root key for the Microsoft Group Key Distribution Service (KdsSvc) within Active Directory. This step is required only once per forest.
4039
To generate a new root key for immediate use, run the following command:
4140

4241
```powershell
4342
Add-KdsRootKey -EffectiveImmediately
4443
```
4544
46-
1. Update the following code with variable values for your environment.
47-
1. Give each gMSA a unique name for each forest or domain.
48-
1. Run the PowerShell commands as an administrator. This script creates a gMSA account, a group that can retrieve the account password, and adds the specified computer accounts to that group.
45+
1. Update the following code with variable values for your environment. Make sure to give each gMSA a unique name for each forest or domain.
46+
1. Run the PowerShell commands as an administrator. This script creates a gMSA account, and a group that can retrieve the account password. The script then adds the specified computer accounts to that group.
4947
5048
```powershell
5149
# Variables:
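Review bot: in the rewritten step at new line 46, the comma in "creates a gMSA account, and a group that can retrieve the account password" splits two objects of the same verb and should be dropped; "creates a gMSA account and a group that can retrieve the account password, then adds the specified computer accounts to that group" covers it in one sentence. Removing the blank line at old line 46 also leaves the closing fence of the Add-KdsRootKey block directly against the next list item, while a blank line still precedes the opening fence at new line 40; keeping the separator would be more consistent. Because the step says members of that group can retrieve the account password, a short reminder to add only the computer accounts that need it would fit in this step.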
@@ -120,9 +118,9 @@ If you see this alert, check to see if the *Log on as a service policy* is confi
120118
> [!NOTE]
121119
> If you use the Group Policy Management Editor to configure the **Log on as a service** setting, make sure to add both **NT Service\All Services** and the gMSA account you created.
122120
123-
## Configure a Directory Service account in Microsoft Defender XDR
121+
## Configure a Directory service account in Microsoft Defender XDR
124122

125-
To connect your sensors with your Active Directory domains, configure Directory Service accounts in Microsoft Defender XDR.
123+
To connect your sensors with your Active Directory domains, configure Directory service accounts in Microsoft Defender XDR.
126124

127125
1. In [Microsoft Defender XDR](https://security.microsoft.com/), go to **Settings > Identities**.
128126

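Review bot: the context around the renamed heading formats the same setting two ways, italic with the word "policy" inside the emphasis in the sentence shown in the hunk header ("*Log on as a service policy*") and bold in the note at new line 119 ("**Log on as a service**"). Since this commit is a terminology cleanup, align both on the bold UI label and keep "policy" or "setting" outside the emphasis.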