安装文档参考:
1、安装Active Directory
https://medium.com/@dinika.15/installing-active-directory-on-windows-server-2012-r2-e9e614770588
2、创建Active Directory测试账号和组
创建账号
创建测试组
将账号加入组
3、创建GMSA账号
https://www.jorgebernhardt.com/how-to-create-a-group-managed-service-accounts-gmsa/
Add-KDSRootKey -EffectiveTime ((Get-Date).AddHours(-10))
New-ADServiceAccount –Name adfs1Gmsa –DNSHostname adfs1.591wifi.com –PrincipalsAllowedToRetrieveManagedPassword User -Enabled $True -ManagedPasswordIntervalInDays 30 –Passthru
Install-ADServiceAccount –Identity WebMSA
Test-ADServiceAccount –Identity WebMSA