Score:0

Group Managed Service Accounts best practice when to use and not to use scenario?

pk flag

I have the requirement to use gMSA (Group Managed Service Accounts) to replace the statically assigned service account in my AD domain joined Servers that is already members of highly privileged groups like: Domain Admins, Enterprise Admins, etc...

I assume that any AD account that is running or used by the Windows or Application services can be replaced with this gMSA as it is very secure and no need to worry about writing down the password somewhere.

The normal service account is currently used by:

  • Azure AD Sync
  • ADFS
  • SQL Server

What's the best practice for when to use gMSA and when NOT to use gMSA ?

Thanks in advance.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.