This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] ([gMSA]) is an [MSA] within the [AD DOMAIN] that provides automatic [Password Management], simplified [ServicePrincipalName] ([SPN]) management and the ability to [delegate|Delegation] the management to other administrators over multiple servers.
When connecting to a service hosted on a server farm, such as a Network Load Balanced solution, the [Authentication Protocols] that support [Mutual Authentication] require that all instances of the service use the same [ServicePrincipalName]. When a [{$pagename}] is used as the service principal, the Windows operating system manages the password for the [MSA].
The [Microsoft] [Key Distribution Service|Key Distribution Center] (kdssvc.dll) provides the mechanism to securely obtain the latest key, or a specific key identified by a key identifier, for a [Microsoft Active Directory] account. The Key Distribution Service shares a secret which is used to create keys for the account. These keys are periodically changed. For a gMSA, the domain controller computes the password on the key provided by the Key Distribution Service, in addition to other attributes of the gMSA. Member hosts can obtain the current and preceding password values by contacting a domain controller.
[{$pagename}] are [Microsoft Active Directory] objects with an [ObjectClass] of [msDS-GroupManagedServiceAccount] and typically have a [User-Account-Control Attribute Value] of [WORKSTATION_TRUST_ACCOUNT] (4096).
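The following read-only audit is an added example, not part of the original page: it lists every gMSA in the current domain, checks the ObjectClass and User-Account-Control value described above, and shows which principals may retrieve the managed password. It assumes the RSAT ActiveDirectory module is installed; the PrincipalsAllowedToRetrieveManagedPassword and msDS-ManagedPasswordInterval properties are not named on this page, and flagging individual user accounts as password readers is an assumed review policy.

```powershell
# Added example: read-only gMSA audit for the current domain.
# Assumes the ActiveDirectory module (RSAT) and rights to read the directory.
Import-Module ActiveDirectory

$WORKSTATION_TRUST_ACCOUNT = 0x1000   # 4096, the value given on this page

$props = 'userAccountControl', 'ServicePrincipalNames',
         'PrincipalsAllowedToRetrieveManagedPassword',
         'msDS-ManagedPasswordInterval', 'PasswordLastSet'

# Get-ADServiceAccount also returns standalone MSAs, so filter on ObjectClass.
$gmsas = Get-ADServiceAccount -Filter * -Properties $props |
    Where-Object { $_.ObjectClass -eq 'msDS-GroupManagedServiceAccount' }

$report = foreach ($g in $gmsas) {
    # Distinguished names of principals allowed to ask a DC for the password.
    $readers  = @($g.PrincipalsAllowedToRetrieveManagedPassword | Where-Object { $_ })
    $findings = @()

    if (-not ($g.userAccountControl -band $WORKSTATION_TRUST_ACCOUNT)) {
        $findings += 'UAC lacks WORKSTATION_TRUST_ACCOUNT'
    }
    if ($readers.Count -eq 0) {
        $findings += 'no principal may retrieve the password'
    }
    foreach ($dn in $readers) {
        $o = Get-ADObject -Identity $dn -ErrorAction SilentlyContinue
        # ObjectClass is the most specific class: computer, group or user.
        if ($null -eq $o) {
            $findings += "unresolved reader: $dn"
        } elseif ($o.ObjectClass -eq 'user') {
            $findings += "user account can read password: $dn"   # assumed policy
        }
    }

    [pscustomobject]@{
        Name             = $g.SamAccountName
        SPNs             = @($g.ServicePrincipalNames) -join '; '
        PasswordReaders  = $readers -join '; '
        IntervalDays     = $g.'msDS-ManagedPasswordInterval'
        PasswordLastSet  = $g.PasswordLastSet
        Findings         = $findings -join ' | '
    }
}

$report | Sort-Object Name | Format-List
```

An empty Findings field means the account matches what this page describes and only expected principal types can read its password; group readers still need their membership reviewed separately.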
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]