After you create the accounts that will replace an existing service account, you should test both of the sub-accounts running the target service before you create the multiplexed account that will use them. Note that it is important for you to test operations thoroughly for both of the sub-accounts before you attempt to automate password rotation for a target service. After a service is configured to use the multiplexed account, the Privileged Access Service will only use the sub-accounts to run the target service. The original service account will no longer be used.
By testing the sub-accounts first, you can ensure they don’t cause service interruptions, service failures, or account locking problems.