Service Account in Active Directory
A service account is a special user account that an application or service uses to interact with the operating system. Services use the service accounts to log on and make changes to the operating system or the configuration. Through permissions, you can control the actions that the service can perform. The following table identifies categories of service accounts.
| Account Type | Description |
| --- | --- |
| Built-in local user account | A built-in user account is a user account that is created automatically during installation. The following three built-in user accounts are used by most services: When using built-in local user accounts: |
| Domain user account | You can create domain user accounts for use by services. With domain user accounts: User accounts are managed centrally in Active Directory. |
| Managed service account AND Virtual account | A managed service account is a new account type available in Windows Server 2008 R2 and Windows 7. A managed service account provides the same benefits of using a domain user account with these improvements: When using a managed service account: A virtual account is a new account type available in Windows Server 2008 R2 and Windows 7. Virtual accounts: |
To use managed or virtual accounts:
- Computers must be running Windows Server 2008 R2 or Windows 7 for the service to use the managed or virtual account.
- You must update the Active Directory schema to Windows Server 2008 R2.
- Domain controllers can be Windows Server 2003, 2008, or 2008 R2. If the domain controller is below Windows Server 2008 R2, you must have the Active Directory Management Gateway Service.
- If a domain controller is running Windows Server 2008 R2 (or higher), service principal names (SPN) are managed automatically. If you do not have a domain controller running at least Windows Server 2008 R2, you must manage the SPN manually. Password resets are automatically managed for any supported domain controller.
Use the Active Directory module for Windows PowerShell to manage service accounts (and other objects). Common service account cmdlets include:
- New-ADServiceAccount creates a managed service account. By default, accounts are created in the Managed Service Account container in Active Directory (you can also specify an alternate OU for the new accounts).
- Get-ADServiceAccount displays properties for managed service accounts.
- Set-ADServiceAccount modifies settings.
- Remove-ADServiceAccount deletes a managed service account.
- Install-ADServiceAccount allows the computer to use the managed service account (install the account). Run Uninstall-ADServiceAccount to uninstall the account.
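The cmdlets above, put together as one lifecycle script. This is an added example, not part of the original article; the account, computer, service, domain and OU names (svc-app01, APP01, AppSvc, CONTOSO, OU=Service Accounts) are hypothetical, and each phase is meant to be run on the machine named in its comment.

```powershell
# Added example: every name and path below is a hypothetical placeholder.
param(
    [ValidateSet('Provision', 'Install', 'Audit', 'Retire')]
    [string]$Phase = 'Audit'
)
Import-Module ActiveDirectory

$Account  = 'svc-app01'   # managed service account (hypothetical)
$HostName = 'APP01'       # the one computer allowed to use it (hypothetical)
$Service  = 'AppSvc'      # Windows service that will log on with it (hypothetical)

switch ($Phase) {
    'Provision' {   # run on a management host with rights in Active Directory
        # Without -Path the account goes to the default Managed Service Accounts container.
        # With the Windows Server 2012 or later module, add -RestrictToSingleComputer
        # to create a standalone managed service account.
        New-ADServiceAccount -Name $Account -Enabled $true `
            -Path 'OU=Service Accounts,DC=contoso,DC=com' `
            -Description "Runs $Service on $HostName"
        # Bind the account to its host so no other computer can install it.
        Add-ADComputerServiceAccount -Identity $HostName -ServiceAccount $Account
    }
    'Install' {     # run on APP01 itself, elevated
        Install-ADServiceAccount -Identity $Account
        # The logon name ends in '$'; no password is supplied because it is managed automatically.
        $svc    = Get-WmiObject Win32_Service -Filter "Name='$Service'"
        $result = $svc.Change($null, $null, $null, $null, $null, $null,
                              "CONTOSO\$Account`$", $null, $null, $null, $null)
        if ($result.ReturnValue -ne 0) {
            throw "Changing the logon account of $Service failed with code $($result.ReturnValue)"
        }
    }
    'Audit' {       # review which host each account is bound to and which SPNs it holds
        Get-ADServiceAccount -Filter * `
            -Properties HostComputers, ServicePrincipalNames, PasswordLastSet |
            Select-Object Name, Enabled, PasswordLastSet,
                @{ n = 'Hosts'; e = { $_.HostComputers -join '; ' } },
                @{ n = 'SPNs';  e = { $_.ServicePrincipalNames -join '; ' } }
    }
    'Retire' {      # Uninstall on APP01 first, then remove the binding and the account
        Uninstall-ADServiceAccount -Identity $Account
        Remove-ADComputerServiceAccount -Identity $HostName -ServiceAccount $Account
        Remove-ADServiceAccount -Identity $Account -Confirm:$false
    }
}
```

In the Audit output, an account with an empty Hosts column is not bound to any computer and is a candidate for the Retire phase.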
I need to know full details of a service account. Can you please send procedure to sravan.vy235@Gmail.com. Thanks in advance.
Find it strange that they haven’t included this in the AD DS GUI. PowerShell is great, but the learning curve changes when you don’t implement it into your GUI.
Thank you so much 🙂