
A group Managed Service Account (gMSA) is a managed domain account that provides automatic password management, simplified service principal name (SPN) management, and the ability to delegate the management to other administrators. It also extends this functionality over multiple servers. Azure AD Connect cloud sync supports and recommends the use of a group Managed Service Account for running the agent. For more information on a group Managed Service Account, see Group Managed Service Accounts.

Upgrade an existing agent to use the gMSA

To upgrade an existing agent to use the group Managed Service Account created during installation, update the agent service to the latest version by running AADConnectProvisioningAgent.msi. Now run through the installation wizard again and provide the credentials to create the account when prompted.

Sign in to the server you'll use with enterprise admin permissions.

Sign in to the Azure portal, and then go to Azure Active Directory.

On the menu on the left, select Azure AD Connect.

On the right, click Accept terms and download.

Once the agent has completed downloading, click Open file.

On the Microsoft Azure AD Connect Provisioning Agent Package screen, accept the licensing terms, and select Install.

After this operation finishes, the configuration wizard starts. Sign in with your Azure AD global administrator account.

On the Configure Service Account screen, select either Create gMSA, or Use custom gMSA. If you allow the agent to create the account, it will be named provAgentgMSA$. If you specify Use custom gMSA, you're prompted to provide this account.

Enter the domain administrator credentials to create the group Managed Service account that will be used to run the agent service.

On the Connect Active Directory screen, click Next. Your current domain has been added automatically. If you wish to add additional domains, enter them and select Add Directory. Then sign in with an administrator account from that domain.

Optionally, you can manage the preference of domain controllers the agent will use. To do this, click Add Directory and select the Select domain controller priority checkbox and then order the list of domain controllers.

On the Agent installation screen, confirm settings and the account that will be created and select Confirm.