Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016

This topic for the IT professional introduces the group Managed Service Account by describing practical applications, changes in Microsoft's implementation, and hardware and software requirements.

Feature description

A standalone Managed Service Account (sMSA) is a managed domain account that provides automatic password management, simplified service principal name (SPN) management and the ability to delegate the management to other administrators. This type of managed service account (MSA) was introduced in Windows Server 2008 R2 and Windows 7.

The group Managed Service Account (gMSA) provides the same functionality within the domain but also extends that functionality over multiple servers. When connecting to a service hosted on a server farm, such as a Network Load Balanced solution, the authentication protocols supporting mutual authentication require that all instances of the services use the same principal. When a gMSA is used as the service principal, the Windows operating system manages the password for the account instead of relying on the administrator to manage the password.

The Microsoft Key Distribution Service (kdssvc.dll) provides the mechanism to securely obtain the latest key or a specific key with a key identifier for an Active Directory account. The Key Distribution Service shares a secret which is used to create keys for the account. For a gMSA, the domain controller computes the password on the key provided by the Key Distribution Service, in addition to other attributes of the gMSA. Member hosts can obtain the current and preceding password values by contacting a domain controller.

gMSAs provide a single identity solution for services running on a server farm, or on systems behind a Network Load Balancer. By providing a gMSA solution, services can be configured for the new gMSA principal and the password management is handled by Windows.

Using a gMSA, services or service administrators do not need to manage password synchronization between service instances. The gMSA supports hosts that are kept offline for an extended time period, and management of member hosts for all instances of a service.
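The provisioning flow described above, followed by an audit of which principals can ask a domain controller for each gMSA password. This is an added example, not code from the original page; it goes slightly beyond the text by enumerating every gMSA in the domain. The names `svc-webfarm`, `WebFarmHosts`, `contoso.com` and the function `Get-GmsaPasswordReader` are assumptions chosen for illustration.

```powershell
# Added example. Assumed names (not from the page): svc-webfarm, WebFarmHosts, contoso.com.
Import-Module ActiveDirectory

# Step 1 (once per forest, domain admin): the Key Distribution Service needs a
# root key before any gMSA password can be computed. Domain controllers wait
# up to 10 hours after creation before using a new key, so step 2 normally
# runs later.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveImmediately
}

# Step 2 (domain admin): create the gMSA. Only members of the assumed
# WebFarmHosts group may retrieve the password from a domain controller.
New-ADServiceAccount -Name 'svc-webfarm' `
    -DNSHostName 'svc-webfarm.contoso.com' `
    -PrincipalsAllowedToRetrieveManagedPassword 'WebFarmHosts'

# Step 3 (on each member host): install the account, then confirm the host can
# retrieve the password. Test-ADServiceAccount returns $true on success.
Install-ADServiceAccount -Identity 'svc-webfarm'
Test-ADServiceAccount -Identity 'svc-webfarm'

# Audit: for every gMSA, expand the principals allowed to retrieve the
# password and flag any reader that is not a computer account.
function Get-GmsaPasswordReader {
    Get-ADServiceAccount -Filter * -Properties PrincipalsAllowedToRetrieveManagedPassword |
        Where-Object { $_.ObjectClass -eq 'msDS-GroupManagedServiceAccount' } |
        ForEach-Object {
            $gmsa = $_.Name
            foreach ($dn in $_.PrincipalsAllowedToRetrieveManagedPassword) {
                $principal = Get-ADObject -Identity $dn
                # Groups are expanded recursively so nested membership is visible.
                $readers = if ($principal.ObjectClass -eq 'group') {
                    Get-ADGroupMember -Identity $dn -Recursive
                } else {
                    $principal
                }
                foreach ($r in $readers) {
                    [pscustomobject]@{
                        Gmsa       = $gmsa
                        GrantedVia = $principal.Name
                        Reader     = $r.Name
                        Class      = $r.ObjectClass
                        Unexpected = ($r.ObjectClass -ne 'computer')
                    }
                }
            }
        }
}

Get-GmsaPasswordReader | Sort-Object Unexpected -Descending | Format-Table -AutoSize
```

Rows with `Unexpected` set to `True` are user or other non-computer principals that can obtain the service account's password and are worth reviewing against the intended member hosts.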