I am having issues creating a group managed service account (gMSA) via PowerShell in the domain controller in my environment. This issue only started happening in August and wasn’t happening before.
This is the command that I am trying to run in PowerShell:
$allowedPrincipals = @("ServerGroup1", "ServerGroup2")
New-ADServiceAccount -name mymsa -DNSHostName mymsa.myenv.com -PrincipalsAllowedToRetrieveManagedPassword $allowedPrincipals
And this is the error that I'm getting :
New-ADServiceAccount : There are no more endpoints available from the endpoint mapper At line:2 char:1 New-ADServiceAccount -name mymsa -DNSHostName mymsa... + CategoryInfo : NotSpecified: (CN=mymsa...d,DC=govt,DC=nz:String) [New-ADServiceAccount], ADException + FullyQualifiedErrorId : ActiveDirectoryServer:1753,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount `
I've tried basically of the fixes I can find online, but none of the resources online are trying the same thing as I am (creating a gMSA). Would appreciate any advice