Following Spencer Harbar’s advice when configuring the User Profile Synchronization Service in SharePoint 2010, I decided to use Managed Service Accounts in Windows 2008 R2 and was hit with an issue straight away.  I entered the command
 
>New-ADServiceAccount -name spcontent -AccountPassword(ConvertTo-SecureString -AsPlainText "{your password}" -Force) -Path "CN=Managed Service Accounts,DC=RIDGIANDM,DC=RIDGIAN,DC=CO,DC=UK"
 
which was correct, as far as I could tell, in an Administrator PowerShell window after logging on as a domain administrator.  I instantly got hit with an "Access Denied".  WTF?  I ain’t got no more privileges to have!  Luckily, as ever, some chap had already come across the issue.
 
This forum thread solves the problem, which is (in case the thread is ever lost) to turn off UAC for the duration when you are creating the Managed Service Accounts.  This unfortunately means you have to reboot the machine you are logged onto, which in my case was the DC, so it pays to have more than one DC in your network …
 
UPDATE: After completing reading about Managed Service Accounts it looks like they ain’t suitable for farms and clusters. I’ve sought expert advice about this and hope to clarify soonest.  In the meantime I’m going back to good old-fashioned service accounts.
 
Cheers
Dave Mc
 
