Create Managed Service Accounts with PowerShell. Do not create managed service accounts with Active Directory Users and Computers.

Although some versions of Active Directory Users and Computers (dsa.msc) may expose a schema option to add Managed Service Accounts (msDS-ManagedServiceAccount). You should not use this option. This option is exposed because it is a schema option, but should not be used because several required properties will not be attached to managed service accounts created in this manner. Instead, you should use PowerShell to create managed service accounts.

Example 1

The following example demonstrates how to create a service account, SQL-SRV1, in the container Managed Service Accounts in the Fabrikam.com domain:

New-ADServiceAccount -Name SQL-SRV1 -Path "CN=Managed Service Accounts,DC=FABRIKAM,DC=COM"

Example 2

The following example demonstrates how to create a service account, SQL-SRV1, in the container Managed Service Accounts in the Fabrikam.com domain:

New-ADServiceAccount SQL-SRV1 -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force) -Enabled $true -Path "CN=Managed Service Accounts,DC=FABRIKAM,DC=COM" -ServicePrincipalNames "MSSQLSVC/FABRIKAM-SRV1.FABRIKAM.COM:1456"

Examples from https://technet.microsoft.com/en-us/library/dd391964.aspx

This posting is provided "AS IS" with no warranties, and confers no rights.