deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #8058 from VLG17/patch-86

Browse Source 
note about security principal quota
This commit is contained in:
Kateyanne
2020-09-17 08:17:22 -07:00
committed by GitHub
parent a2ac1957a4 3a5c7ce0fd
commit 7218c1fe0c
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
View File

@ -145,6 +145,9 @@ Windows Server 2012 or later domain controllers support Group Managed Service Ac
GMSA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GMSA. Before you can create a GMSA, you must first create a root key for the service. You can skip this if your environment already uses GMSA.
>[!NOTE]
> If the [default object creation quota for security principles](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d55ca655-109b-4175-902a-3e9d60833012) is set, you will need to change it for the Group Managed Service Account in order to be able to register new devices.
#### Create KDS Root Key
Sign-in a domain controller with _Enterprise Admin_ equivalent credentials.