What's the impact of these changes on account management?
Managed service accounts can reduce the amount of account management needed for critical services and applications.
Are there any special considerations for using the new service account options?
To use managed service accounts and virtual accounts, the computer on which the application or service runs must be running Windows Server 2008 R2 or Windows 7. In these releases a managed service account is bound to a single computer: several services on that computer can share it, but it cannot be used on more than one computer, and therefore cannot be used in failover clusters, where a service is replicated across multiple cluster nodes.
Domains at the Windows Server 2008 R2 functional level provide native support for both automatic password management and automatic SPN management. If the domain is at the Windows Server 2003 or Windows Server 2008 functional level, additional configuration steps are needed before managed service accounts can be used. This means that:
If the domain controller is running Windows Server 2008 R2 and the schema has been upgraded to support managed service accounts, both automatic password and SPN management are available.
If the domain controllers are running Windows Server 2008 or Windows Server 2003 and the Active Directory schema has been upgraded to support this feature, managed service accounts can be used and their passwords will be managed automatically. However, domain administrators in these environments will still need to configure the SPN data for each managed service account manually.
To use managed service accounts in Windows Server 2008, Windows Server 2003, or mixed-mode domain environments, the following schema changes must be applied:
Run adprep /forestprep once per forest, on the schema master.
Run adprep /domainprep in every domain where you want to create and use managed service accounts.
Deploy a domain controller running Windows Server 2008 R2 in the domain to manage managed service accounts by using Windows PowerShell cmdlets.
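The following PowerShell session walks through the three preparation steps above and then creates, links, installs and uses a managed service account. It is an added example, not part of the original page or of Microsoft's documentation; the domain name contoso.com, the account name svc-web, the computer name WEB01, the service name MyWebService and the media path D: are assumptions for illustration.

```powershell
# Added example (not from the original page). Assumptions: Windows Server
# 2008 R2 media mounted at D:, domain contoso.com, MSA named svc-web, host
# computer WEB01, Windows service MyWebService. Steps 1-2 run as a member of
# Schema Admins / Domain Admins on the relevant operations masters; steps 3-4
# run anywhere the ActiveDirectory module (RSAT) is installed; steps 5-7 run
# on WEB01 itself.

# 1. Schema and domain preparation from the Windows Server 2008 R2 media.
#    /forestprep runs once per forest on the schema master; /domainprep runs
#    in every domain that will hold managed service accounts.
D:\support\adprep\adprep.exe /forestprep
D:\support\adprep\adprep.exe /domainprep

# 2. Confirm the schema now carries the MSA object class, and check the
#    domain functional level: below Windows2008R2Domain, SPNs must be
#    registered by hand (step 6), even though passwords are still automatic.
Import-Module ActiveDirectory
$schemaNC = (Get-ADRootDSE).schemaNamingContext
Get-ADObject -SearchBase $schemaNC -Filter { lDAPDisplayName -eq 'msDS-ManagedServiceAccount' }
(Get-ADDomain).DomainMode

# 3. Create the account. No -AccountPassword is supplied: the domain
#    controller generates the password and rotates it automatically.
New-ADServiceAccount -Name 'svc-web' `
    -Path 'CN=Managed Service Accounts,DC=contoso,DC=com' -Enabled $true

# 4. Bind the MSA to the one computer allowed to retrieve its password.
#    In Windows Server 2008 R2 / Windows 7 an MSA is tied to a single computer.
Add-ADComputerServiceAccount -Computer 'WEB01' -ServiceAccount 'svc-web'

# 5. On WEB01: install the account locally, then verify it can be used here.
Install-ADServiceAccount -Identity 'svc-web'
Test-ADServiceAccount -Identity 'svc-web'      # returns True when usable

# 6. Only required below the Windows Server 2008 R2 functional level:
#    register the SPN manually, because the DC will not maintain it.
Set-ADServiceAccount -Identity 'svc-web' `
    -ServicePrincipalNames @{Add = 'HTTP/web01.contoso.com'}

# 7. Point the Windows service at the MSA. Note the trailing $ on the account
#    name and the empty password: the service control manager retrieves the
#    real password from Active Directory. Win32_Service.Change takes StartName
#    and StartPassword as its 7th and 8th arguments. The equivalent from an
#    elevated cmd.exe is:
#      sc config MyWebService obj= "CONTOSO\svc-web$" password= ""
$svc = Get-WmiObject Win32_Service -Filter "Name='MyWebService'"
$result = $svc.Change($null, $null, $null, $null, $null, $null, 'CONTOSO\svc-web$', '')
if ($result.ReturnValue -ne 0) { throw "Service reconfiguration failed: $($result.ReturnValue)" }
Restart-Service -Name 'MyWebService'
```

Step 2 is the check worth keeping in a deployment script: if the msDS-ManagedServiceAccount class is missing, adprep has not completed (or replication has not caught up), and New-ADServiceAccount will fail; if DomainMode is anything other than Windows2008R2Domain, leave step 6 in place or the service's Kerberos authentication will fail for want of an SPN.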
For more information, see AdPrep.
For more information about managing SPNs, see Service Principal Names.