Group Managed Service Accounts best practice when to use and not to use scenario?

Senior Systems Engineer

10/11/22, 5:37 AM

I have the requirement to use gMSA (Group Managed Service Accounts) to replace the statically assigned service account in my AD domain joined Servers that is already members of highly privileged groups like: Domain Admins, Enterprise Admins, etc...

I assume that any AD account that is running or used by the Windows or Application services can be replaced with this gMSA as it is very secure and no need to worry about writing down the password somewhere.

The normal service account is currently used by:

Azure AD Sync
ADFS
SQL Server

What's the best practice for when to use gMSA and when NOT to use gMSA ?

Thanks in advance.

0 + 0

security

active-directory

windows-server-2016

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Group Managed Service Accounts best practice when to use and not to use scenario?

TH: แนวทางปฏิบัติที่ดีที่สุดสำหรับบัญชีบริการที่มีการจัดการกลุ่มเมื่อใดควรใช้และไม่ใช้สถานการณ์จำลอง

RO: Cele mai bune practici pentru conturile de servicii gestionate de grup când să utilizați și să nu utilizați scenariul?

VI: Phương pháp hay nhất về tài khoản dịch vụ được quản lý theo nhóm khi nào nên sử dụng và không sử dụng kịch bản?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.