Hi @Lisette Whisenant ,
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to accept the answer.
Error Message:
- Unable to create gMSA because KDS may not be running on domain controller.
- Cannot find an object with identity: 'provAgentgMSA'.."
Issue:
You received the "unable to create gMSA" error when installing the Azure AD Connect Provisioning Agent. When running the Set-ADServiceAccount
command to update the Kerberos Encryption Type, you received the error, "Set-ADServiceAccount : Cannot find an object with identity: 'provAgentgMSA'.."
Solution:
You needed to locate the SAMAccountName for the provAgentGMSA account. Then you needed to run Get-ADServiceAccount -filter *
to query the service accounts and locate your provAgentgMSA account. You were then able to successfully run the Set-ADServiceAccount
command again with the -Identity filter using the SAMAccountName.
If I missed anything please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information.
Thank you again for your time and patience throughout this issue.