This new version of my free MSA management tool includes support for the new Group MSA type accounts introduced in Windows Server 2012, along with some other improvements.
Full list of changes can be found below, and you can download the new version from here: Managed Service Accounts GUI
- Now supports Group MSAs (introduced in Server 2012)
- OU path for new MSAs defaults to Managed Service Accounts container in root of domain
- Program update detection routine now prompts to enter proxy settings if it cannot contact web server directly
- Standalone MSAs and Group MSAs will no longer be found by the computer account selection dialog window that appears when clicking the Browse button in the Assign Computer window
- The type of MSA (Standalone or Group) is now listed next to the MSA name in the main window
- All files are now digitally signed with Cjwdev Ltd certificate
- Added “Assigned Computers” tab to the Edit MSA window
So now that that’s done, I am going to be working on re-writing my AD Tidy application from scratch. More details to come soon 🙂
Chris
I’m trying to use your GUI to create a SMSA with a length of 15 characters but I noticed your GUI only allows for 14 characters. The GUI counts the additional dollar sign too. I’ve succesfully created 15 character length SMSA’s with Powershell. This article confirms it: http://www.derekseaman.com/2010/02/server-2008-r2-managed-service-account.html
Hi Chris,
Thanks for letting me know about that bug, I’ve fixed it now and released a new version. Just go to Help -> Check For Updates to download it.
Thanks
Chris
Thanks for the update! I now can create 15 character length accounts. But… the last step in the process, installing the account on the target Windows Server 2012, failed.
…
Creating MSA Installer service on remote computer: “C:\Program Files\Cjwdev\MSA Installer\MSAInstallerSvc.exe” /install “/account:HASQL01W12SqlSv” “/initiatedby:HGVW7BEH30”
Error: Files and directories created successfully but service could not be installed and started due to the following error: Unable to create service. The last error reported was: The operation completed successfully
My guess is it has something to do with the double quotes. Manually executing the next statement in Powershell works:
PS C:\Program Files\Cjwdev\MSA Installer> .\MSAInstallerSvc.exe /install /account:HASQL01W12SqlSv /initiatedby:HGVW7BEH30
The quote marks shouldn’t cause a problem, and in fact without them there could be problems with special characters causing windows to interpret one of the arguments as two separate arguments. It has always worked fine in all of my test environments like that, so I’m surprised you’re seeing an issue. I’ll do some more testing and see if I can figure out what’s going on there. Can you just confirm whether or not you’re trying to install the MSA on the same computer you’re running MSA GUI on or if you’re installing the MSA on a remot computer?
I’m installing the MSA on a remote, Windows Server 2012, computer. After some experimenting I found that the length of the account can be a maximum of 15 characters in SQL Server 2008 R2 but SQL Server 2012 limits the length to 14 characters. I think this is a bug in SQL 2012.
I’ve tried the last step, installing a sMSA account, on a Windows Server 2008 r2 and despite the timeout it does work. On Windows Server 2012 the last step doesn’t work.