Active Directory 2008 R2 introduced a new type of service account known as a managed service account. Managed service accounts work like computer accounts in Active Directory. That is to say, they automatically rotate their passwords every 30 days, and they cannot be used by a person to interactively log in to a computer system. Managed service accounts are exceptionally useful for applications that require named accounts and have a need for heightened security.
To create a managed service account in Active Directory, you must use PowerShell:
1. Click Start, Administrative Tools, and Active Directory Module for Windows PowerShell.
2. Type New-ADServiceAccount MSAName -Enabled $true.
This creates ...
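The following is an added example, not part of the original text. It goes one step beyond creation: it binds the account to a single host and lists the resulting object so the result can be reviewed. The host name APPSRV01 and the variable names are hypothetical placeholders, and the script assumes it is run with rights to create objects in the domain.

```powershell
# Added example: create a managed service account, bind it to one host, review it.
Import-Module ActiveDirectory

$msaName  = 'MSAName'     # account name used in step 2 above
$hostName = 'APPSRV01'    # hypothetical member server that will run the service

# Create the account only if it does not already exist, so the script can be re-run.
$existing = Get-ADServiceAccount -Filter "Name -eq '$msaName'"
if (-not $existing) {
    # On Windows Server 2012 and later, add -RestrictToSingleComputer to get a
    # standalone managed service account; without it the cmdlet creates a
    # group managed service account and requires -DNSHostName.
    New-ADServiceAccount -Name $msaName -Enabled $true
}

# Bind the account to the single computer that is allowed to use it.
Add-ADComputerServiceAccount -Identity $hostName -ServiceAccount $msaName

# Review the object: it should be enabled and list only the intended host.
Get-ADServiceAccount -Identity $msaName -Properties HostComputers, Created |
    Select-Object Name, Enabled, ObjectClass, HostComputers, Created

# The account must also be installed on the host before a service can log on with it.
# This step only runs when the script is executed on that host.
if ($env:COMPUTERNAME -eq $hostName) {
    Install-ADServiceAccount -Identity $msaName
}
```

When reviewing the output, a HostComputers value that lists any machine other than the intended host means the account is bound somewhere it should not be.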