Cannot create service account on Windows 2008 R2 environment

I have a domain where the Domain & Forest functional levels are 2008 R2. I can see in guides that managed service accounts are supported, but I cannot create them.

I have tried:

New-ADServiceAccount -Name xxx_MSA -Enabled $true
New-ADServiceAccount -Server dc1 -DNSHostName -Name xxx_MSA -Enabled $true

and get the error

"The specified directory service attribute or value does not exist", msDS-ManagedPasswordInterval

I suppose the problem is the KDS root key, but when I try to create it from the DC I get

"The term 'Add-KdsRootKey' is not recognized".

I am missing something but cannot find what.