locked
Group Managed Service Account RRS feed

  • Question

  • I have two domains that have a full trust. Can I make a managed service account in each domain and have them both use the same gMSA group for the ADPrincipal?
    Friday, February 5, 2016 1:51 PM

Answers

  • Hello,

    Think of Group Managed Service Accounts as a usable version of the Managed Service Account.  With gMSAs, Windows Server 2012 has addressed most of the limitations of MSAs.  Specifically a single gMSA can be used on multiple hosts.

    If you create a security group and add the computer objects of the hosts that will be allowed to use the gMSA. You can have computer objects from other trusted domain as usual.

    Regards,

    Yan Li


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Yan Li_ Tuesday, February 23, 2016 2:54 AM
    • Marked as answer by Yan Li_ Thursday, February 25, 2016 2:15 AM
    Monday, February 8, 2016 3:02 AM

All replies

  • Hello,

    Think of Group Managed Service Accounts as a usable version of the Managed Service Account.  With gMSAs, Windows Server 2012 has addressed most of the limitations of MSAs.  Specifically a single gMSA can be used on multiple hosts.

    If you create a security group and add the computer objects of the hosts that will be allowed to use the gMSA. You can have computer objects from other trusted domain as usual.

    Regards,

    Yan Li


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Yan Li_ Tuesday, February 23, 2016 2:54 AM
    • Marked as answer by Yan Li_ Thursday, February 25, 2016 2:15 AM
    Monday, February 8, 2016 3:02 AM
  • Hello,

    Is there any update?

    Regards,

    Yan Li


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 23, 2016 2:55 AM