Step by Step Guide: Create and use a managed service account for Web Application pool

Here is a step-by-step guide to creating and using a managed service account for a web application pool on a web server farm using PowerShell:

  1. Launch PowerShell as an administrator on one of the web servers in the farm.
  2. Create a new managed service account by running the following command:

New-ADServiceAccount -Name "WebAppPoolMSA" -Enabled $true -DNSHostName "<DNS host name of domain controller>" -PrincipalsAllowedToRetrieveManagedPassword "Domain Computers" -ServicePrincipalNames "HTTP/<Web App Pool FQDN>"

  • Replace <DNS host name of domain controller> with the DNS host name of your domain controller.
  • Replace <Web App Pool FQDN> with the fully qualified domain name of the web application pool.
  • This command creates a new managed service account named “WebAppPoolMSA”, enables it, and specifies the domain computers that are allowed to retrieve the managed password. It also sets the service principal name for the HTTP protocol.
  3. Assign the managed service account to the web application pool by running the following commands (the IIS provider stores the pool identity in the processModel element; the password is left empty because Windows retrieves it from Active Directory):

Import-Module WebAdministration
Set-ItemProperty "IIS:\AppPools\<AppPoolName>" -Name processModel -Value @{ identityType = 'SpecificUser'; userName = 'DOMAIN\WebAppPoolMSA$'; password = '' }

  • Replace <AppPoolName> with the name of the web application pool.
  • Replace “DOMAIN” with the name of your domain. Keep the trailing “$”; it is part of the managed service account name.
  4. Install the managed service account on the web server by running the following command:

Install-ADServiceAccount -Identity "WebAppPoolMSA"

  • This command lets the local computer retrieve the managed service account’s password. The password is automatically generated and managed by Active Directory, so you never set it yourself; run this command on each web server in the farm that hosts the application pool.
  5. Restart the web application pool to apply the changes by running the following command:

Restart-WebAppPool <AppPoolName>

  • Replace <AppPoolName> with the name of the web application pool.

That’s it! You have successfully created and used a managed service account for a web application pool on a web server farm using PowerShell.
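The steps above, combined into one script as an added example (this is not the author’s code). It goes a little beyond the guide: it checks that a KDS root key exists before creating the account, limits password retrieval to a dedicated group of farm servers instead of “Domain Computers”, confirms with Test-ADServiceAccount that the host can actually fetch the password, and reads the pool identity back after the restart. The domain name, group name, service FQDN and application pool name are assumed placeholders.

```powershell
# Added example, not code from the original post: end-to-end gMSA setup for an
# IIS application pool on one web server in the farm. Run in an elevated
# PowerShell on the web server; needs the RSAT ActiveDirectory module and the
# IIS WebAdministration module. Every name below is an assumption for illustration.
#Requires -RunAsAdministrator
Import-Module ActiveDirectory
Import-Module WebAdministration

$MsaName     = 'WebAppPoolMSA'      # gMSA sAMAccountName (without the trailing $)
$Domain      = 'CORP'               # assumed NetBIOS domain name
$FarmGroup   = 'WebFarmServers'     # assumed AD group holding the farm's computer accounts
$ServiceFqdn = 'www.corp.example'   # assumed DNS name clients use to reach the farm
$AppPoolName = 'MyWebAppPool'       # assumed IIS application pool name

# 1. A KDS root key must exist before any gMSA can be created; fail early if not.
if (-not (Get-KdsRootKey)) {
    throw 'No KDS root key found. Create one on a DC (Add-KdsRootKey) and wait for replication first.'
}

# 2. Create the gMSA. Only members of $FarmGroup may retrieve the managed password,
#    which is narrower than "Domain Computers" and keeps the secret off unrelated hosts.
if (-not (Get-ADServiceAccount -Filter "Name -eq '$MsaName'")) {
    New-ADServiceAccount -Name $MsaName -Enabled $true `
        -DNSHostName $ServiceFqdn `
        -PrincipalsAllowedToRetrieveManagedPassword $FarmGroup `
        -ServicePrincipalNames "HTTP/$ServiceFqdn"
}

# 3. Install the account on this web server and confirm the host can retrieve the
#    password. The computer must already be a member of $FarmGroup (group membership
#    is picked up at logon, so reboot the server after adding it).
Install-ADServiceAccount -Identity $MsaName
if (-not (Test-ADServiceAccount -Identity $MsaName)) {
    throw "This host cannot retrieve the managed password for $MsaName; check its $FarmGroup membership."
}

# 4. Point the application pool at the gMSA. IIS keeps the identity in processModel;
#    the password stays empty because Windows fetches it from Active Directory.
$PoolPath = "IIS:\AppPools\$AppPoolName"
Set-ItemProperty $PoolPath -Name processModel -Value @{
    identityType = 'SpecificUser'
    userName     = "$Domain\$MsaName`$"
    password     = ''
}

# 5. Recycle the pool and read the configured identity back as a final check.
Restart-WebAppPool -Name $AppPoolName
$pm = Get-ItemProperty $PoolPath -Name processModel
"$AppPoolName now runs as $($pm.userName) (identityType=$($pm.identityType))"
```

Steps 3 to 5 are the per-server part: repeat them on every web server in the farm, while step 2 runs only once because the account lives in Active Directory. Scoping retrieval to a group of the farm’s computer accounts means a compromised machine elsewhere in the domain cannot pull the pool’s credential.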

Author: tonyhughes