A: Managed Service Accounts (MSAs) allow accounts to be created in Active Directory (AD) whose passwords are automatically synchronized and updated per policies with the server who uses the accounts for a service. This avoids the common problem of using accounts that either have to be set with passwords that never expire, which is a security risk, or have passwords that expire and break the service using them.

While the domain functional level doesn't need to be Windows Server 2008 R2, the Windows Server 2008 R2 schema update must have been applied to the forest. If the domain is not Windows Server 2008 R2 functional level, the Service Principle Names will need to be manually managed (by passwords are still handled automatically).

To see more answers about Windows Server 2012, MSAs, AD, virtualization, and all things IT,  click over to our FAQs page.