1. Install AD powershell module. (On Domain controller you can skip this step.)
Install-WindowsFeature RSAT-AD-PowerShell
2.Import AD powershell module.
Import-Module ActiveDirectory
3. Create the Key Distribution Services KDS Root Key.
Add-KdsRootKey –EffectiveImmediately
Windows Server 2012 DCs will not be able to use the root key until replication is successful. By default, it’s 10 hours.
So you can use below command to create the KDS root key in a test environment for immediate effectiveness
Add-KdsRootKey –EffectiveTime ((get-date).addhours(-10));
4. Create the Managed Service Account as required.
New-ADServiceAccount -Name VCsrv -DNSHostName dc.lab.home -Enabled $true -path "CN=Users,DC=lab,DC=home"
5. Assign the MSA to the computer account.
Add-ADComputerServiceAccount –Identity “vc” –ServiceAccount VCsrv