Question 20 of 137 from exam AZ-800: Administering Windows Server Hybrid Core Infrastructure

Question

Your network contains a single-domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains the servers shown in the following exhibit table.

You plan to install a line-of-business (LOB) application on Server1. The application will install a custom Windows service.

A new corporate security policy states that all custom Windows services must run under the context of a group managed service account (gMSA). You deploy a root key.

You need to create, configure, and install the gMSA that will be used by the new application.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations

A. B. C. D. E. F.

BE

Step 1: Provisioning group Managed Service Accounts

(B) Create a gMSA using the New-ADServiceAccount cmdlet.

Step 2: Configuring service identity application service

If you use security groups to manage member hosts, add the computer account for the new member host to the security group that the gMSA's member hosts belong to.

To add member hosts using the Set-ADServiceAccount cmdlet

1. On the Windows Server 2012 domain controller (DC1, not Server1), run Windows PowerShell from the Taskbar.

2. At the command prompt for the Windows PowerShell Active Directory module, type the following command, and then press ENTER:

    Get-ADServiceAccount [-Identity] <string> -Properties PrincipalsAllowedToRetrieveManagedPassword

3. (E) At the command prompt for the Windows PowerShell Active Directory module, type the following command, and then press ENTER:

    Set-ADServiceAccount [-Identity] <string> -PrincipalsAllowedToRetrieveManagedPassword <ADPrincipal[]>

4. Etc.
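The two steps above, run end to end on the domain controller, as an added example that is not part of the original explanation. The gMSA name svcLOB and its DNS host name are hypothetical; Server1 and contoso.com come from the question. The Get step matters because Set-ADServiceAccount replaces the allowed-principals list rather than appending to it, so existing entries are merged back in and only the hosts you intend can retrieve the managed password.

```powershell
# Added example. Run on the domain controller with the ActiveDirectory module.
# Assumes the KDS root key is already deployed, as the question states.
Import-Module ActiveDirectory

$gmsaName = 'svcLOB'               # hypothetical gMSA name
$dnsName  = 'svcLOB.contoso.com'   # hypothetical DNS host name for the account
$hostName = 'Server1'              # member host that will run the LOB service

# Step 1 (B): create the gMSA if it does not exist yet.
if (-not (Get-ADServiceAccount -Filter "Name -eq '$gmsaName'")) {
    New-ADServiceAccount -Name $gmsaName -DNSHostName $dnsName
}

# Step 2: read the principals currently allowed to retrieve the managed password.
$gmsa = Get-ADServiceAccount -Identity $gmsaName `
    -Properties PrincipalsAllowedToRetrieveManagedPassword
$current = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword)

# Resolve the member host's computer account to its distinguished name.
$hostDn = (Get-ADComputer -Identity $hostName).DistinguishedName

# Merge rather than overwrite: Set-ADServiceAccount replaces the whole list,
# so passing only Server1 would silently remove any host already allowed.
$merged = @($current + $hostDn | Where-Object { $_ } | Select-Object -Unique)

# (E): write the complete list back.
Set-ADServiceAccount -Identity $gmsaName `
    -PrincipalsAllowedToRetrieveManagedPassword $merged

# Confirm the result and review it for least privilege: every entry listed here
# can obtain the gMSA password, so the list should contain only intended hosts
# (or the one security group that holds them).
(Get-ADServiceAccount -Identity $gmsaName `
    -Properties PrincipalsAllowedToRetrieveManagedPassword
).PrincipalsAllowedToRetrieveManagedPassword
```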

https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts