Creating a Managed Service Account (MSA)
Very quick bit of PowerShell to create a Managed Service Account.
Two sections, one to run on a DC, the other on a target machine.
Both machines must have the ActiveDirectory PowerShell module available.
[code language="powershell"]
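# --- Section 1: run on a Domain Controller as Administrator ---
Import-Module ActiveDirectory
$msaUsername = "new-msa-user"
$msaComputerName = "SERVER-01"
# Create a standalone MSA that can only be used by a single computer
New-ADServiceAccount -Name $msaUsername -RestrictToSingleComputer
# Link the MSA to the computer that is allowed to use it
Add-ADComputerServiceAccount -Identity $msaComputerName -ServiceAccount $msaUsername

# --- Section 2: run on the target machine named in $msaComputerName above ---
Import-Module ActiveDirectory
$msaUsername = "new-msa-user"
# Install the MSA on this machine so local services can log on with it
Install-ADServiceAccount -Identity $msaUsername
# Outputs 'True' when the MSA is installed and usable on this machine
Test-ADServiceAccount $msaUsername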
[/code]
The last line of the second section will output 'True' if it's all working.
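An added example (not from the original post): a directory-side check to complement `Test-ADServiceAccount`, confirming that the account is a standalone MSA linked only to the intended computer and listing its group memberships. The function name `Test-MsaBinding` and its parameters are hypothetical; the account and computer names are the ones used above.

```powershell
# Added example, not part of the original post.
# Test-MsaBinding is a hypothetical helper name; run it anywhere the
# ActiveDirectory module is available, with rights to read the objects.
Import-Module ActiveDirectory

function Test-MsaBinding {
    param(
        [Parameter(Mandatory = $true)] [string] $MsaUsername,
        [Parameter(Mandatory = $true)] [string] $ExpectedComputerName
    )

    # HostComputers and MemberOf are extended properties, so request them explicitly
    $msa = Get-ADServiceAccount -Identity $MsaUsername -Properties HostComputers, MemberOf
    $expectedDn = (Get-ADComputer -Identity $ExpectedComputerName).DistinguishedName

    # Wrap in @() so a single value or $null still behaves as an array
    $hosts  = @($msa.HostComputers)
    $groups = @($msa.MemberOf)

    [pscustomobject]@{
        Account          = $msa.SamAccountName
        Enabled          = $msa.Enabled
        # -RestrictToSingleComputer creates an object of this class
        IsStandaloneMsa  = ($msa.ObjectClass -eq 'msDS-ManagedServiceAccount')
        # True when the intended computer is linked to the account
        BoundToExpected  = ($hosts -contains $expectedDn)
        # Any other computer linked to the account
        UnexpectedHosts  = @($hosts | Where-Object { $_ -ne $expectedDn })
        # Groups the account belongs to; the service inherits their rights
        GroupMemberships = $groups
    }
}

# Values taken from the script above
Test-MsaBinding -MsaUsername "new-msa-user" -ExpectedComputerName "SERVER-01"
```

`BoundToExpected` should be True and `UnexpectedHosts` empty; review anything listed in `GroupMemberships`, since the service runs with those rights.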
To use the account, append a '$' to the username (so the name above becomes 'DOMAIN\new-msa-user$') and leave the password field blank.
If you can't find the 'Service Account' option in the Object Type filter (when applying file permissions, etc.), log out and log back in again and it'll appear.
NB. You may need to add the AD PowerShell module to the remote machine:
[code language="powershell"]
Import-Module ServerManager
Add-WindowsFeature RSAT-AD-PowerShell
[/code]