I am trying to create a Group Managed Service Account. So we have promoted our Windows Server 2016 VM to Domain Controller. The object version of the schema is 87. Now I am trying to create a KdsRootKey that's giving me an error that "The request is not supported". I have logged in as a domain administrator.Please help.
If you are using Azure ADDS then you don't need to create a KDS root key as it is pre-created on Azure AD Domain Services Managed domain. Also, you can't view the KDS root key on the managed domain either. So, you can try to just create the GMSA account. If the root key doesn't exist it should fail.