Hello everybody,
Windows Server 2012 has launched, and I'm sure a lot of you have started working with the new features that were added to the server. As for me, I have used it since the beta version and I like it very much. Last night I decided to create Managed Service Accounts. I started PowerShell and wrote the correct command, but I faced the following error:
I started to doubt myself (looooool) and tried changing the command, but trust me, I was sure this was the correct command. I started my tour to find a solution and found the following note: “You must wait 10 hours from creation time to allow all DCs to converge AD replication before you can create gMSA. 10 hours prevents password generation from occurring before all DCs in environment capable of answering gMSA requests.”
But in my environment I use only one DC; should I wait 10 hours? In fact, no. I used the following command:
Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
This allows gMSAs to be used immediately, because it sets the start time 10 hours in the past. After that everything worked fine, as shown in the snapshot below. I hope this helps you 🙂
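The check below is an added example, not part of the original post: it back-dates the KDS root key only when the domain really has a single DC, and creates a gMSA only once a usable key exists. It assumes the 10-hour window is measured from the key's EffectiveTime (which is what back-dating by 10 hours implies); the account name, DNS host name and group are constructed placeholders.

```powershell
# Added example. Requires the ActiveDirectory and Kds modules (Windows Server 2012+).
Import-Module ActiveDirectory

function Get-UsableKdsRootKey {
    # Assumption: a key is usable once its EffectiveTime is at least 10 hours old.
    $cutoff = (Get-Date).AddHours(-10)
    Get-KdsRootKey | Where-Object { $_.EffectiveTime -le $cutoff } |
        Select-Object -First 1
}

function Initialize-KdsRootKey {
    $usable = Get-UsableKdsRootKey
    if ($usable) { return $usable }

    # A key exists but is still inside the replication window: do not add another.
    $pending = Get-KdsRootKey | Sort-Object EffectiveTime | Select-Object -First 1
    if ($pending) {
        $ready = $pending.EffectiveTime.AddHours(10)
        Write-Warning "Root key $($pending.KeyId) is not usable before $ready."
        return $null
    }

    $dcCount = @(Get-ADDomainController -Filter *).Count
    if ($dcCount -eq 1) {
        # Single DC: there is no replication to converge, so back-dating is safe.
        Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10)) | Out-Null
        return Get-UsableKdsRootKey
    }

    # Several DCs: keep the 10-hour wait so every DC holds the key first.
    Add-KdsRootKey -EffectiveImmediately | Out-Null
    Write-Warning "$dcCount DCs found; wait 10 hours before creating gMSAs."
    return $null
}

# Constructed placeholder values; replace with names from your own domain.
$gmsaName  = 'svc-example'
$dnsName   = 'svc-example.corp.example'
$hostGroup = 'ExampleGmsaHosts'

if (Initialize-KdsRootKey) {
    New-ADServiceAccount -Name $gmsaName -DNSHostName $dnsName `
        -PrincipalsAllowedToRetrieveManagedPassword $hostGroup
} else {
    Write-Warning 'No usable KDS root key yet; gMSA not created.'
}
```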