Active Directory
A set of directory-based technologies included in Windows Server.
6,244 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 46%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER4%3C/text%3E%3C/svg%3E)
What is the error message you are getting? Also what OS are the DC's running?
Can't create gMSA account after sync quit working
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 79%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Bill
1
Reputation point
$ListOWKO.otherwellKnownObjects
B:32:1EB93889E40C45DF9F0C64D23BBB6237:CN=Managed Service Accounts\0ADEL:e5f8637
e-7e61-4ece-967a-58418f7f54c9,CN=Deleted Objects,DC=TRI,DC=local
5 answers
Sort by: Most helpful
-
-
Bill 1 Reputation point
2022-07-19T19:40:59.777+00:00 When running Microsoft Azure Active Directory Connect Provisioning.
Agent. Sync has been working for 2 years and started failing about 3 weeks ago.
2012r2 and 2012
Error while creating group managed service account (gMSA). Error: there is no such object on the server.
Both domain and forest levels are 2012. no errors in AzureADConnect event log
No errors in application filter "Directory Synchronization" event logs
Thanks for your reply!
Thanks
-
Gary Reynolds 9,406 Reputation points2022-07-20T09:55:19.59+00:00 Hi @Bill
From the output of the otherWellKnownObjects, the CN=Managed Service Accounts container has been deleted. You should probably try and restore the container first , you can use this article to restore the container - https://nettools.net/how-to-restore-deleted-ad-objects/
Gary.
-
Gary Reynolds 9,406 Reputation points
2022-07-21T23:17:10.717+00:00 Just checking if there is any update or progress on this one?
Sign in to comment -
-
Bill 1 Reputation point
2022-08-03T21:25:12.437+00:00 Sorry, broke my left foot. I'll attempt suggestions tomorrow morning when I'm onsite. I do appreciate the response and help offered!
Thanks
-
Bill 1 Reputation point
2022-08-15T18:29:07.213+00:00 So I was able to finally fix issue.
AD recycle bin was not enabled so I re-ran adprep to recreate missing objects. "Managed Services Accounts" and "otherWellKnowObjects" "B:32:1E(etc)
created KDS key etc.
Using AD powershell: New-ADServiceAccount -Name gMSA365 -Path "CN = Managed Service Accounts, DC=something, DC=local" -DNSHostName domain-controller01.something.local
I now have a gMSA365 "msDS-GroupManagedServiceAccount" object in my "Managed Services Accounts" container.
Thanks everyone!