Your network contains an Active Directory forest named contoso.com. All domain controllers run Windows Server 2008 R2. The schema is upgraded to Windows
Server 2012. Contoso.com contains two servers. The servers are configured as shown in the following table.
Server 1 and Server2 host a load-balanced application pool named AppPool1. You need to ensure that AppPool1 uses a group Managed Service Account as its
identity. Which 3 actions should you perform?
Select and Place:
Answer: 
Correct answer is:
Schema is 2012 so we don’t need any new DC.
Answer is:
1-We need to add a New-ADServiceAccount
2-We need to Install-ADServiceAccount to the Servers.
3-We need to change the Application Pool.
IMPORTANT:
http://technet.microsoft.com/en-us/library/jj128431.aspx#BKMK_gMSA_Req
Important: Service Accounts were already supported in 2008 howerver for gMSA we have more requirements:
Requirements:
Active Directory Domain Service requirements
• The Active Directory schema in the gMSA domain’s forest needs to be updated to Windows Server 2012 to create a gMSA.
You can update the schema by installing a domain controller that runs Windows Server 2012 or by running the version of adprep.exe from a computer running Windows Server 2012. The object-version attribute value for the object CN=Schema,CN=Configuration,DC=Contoso,DC=Com must be 52.
• New gMSA account provisioned
• If you are managing the service host permission to use gMSA by group, then new or existing security group
• If managing service access control by group, then new or existing security group
• If the first master root key for Active Directory is not deployed in the domain or has not been created, then create it. The result of its creation can be verified in the KdsSvc Operational log, Event ID 4004.
2
1