Questions tagged [managed-service-accounts]

36 questions
2
votes
0 answers

How does one create a certificate request for a managed service account in Windows?

I have a managed service account which needs a certificate in its personal store for decryption. I tried opening the Certificates snap-in and pointing to the service, but when I right-click on the "Personal" store the Request New Certificate option…
2
votes
1 answer

gMSA and Read Only Domain Controllers

Windows Server 2019 Environment. I have 2 writable DCs and 1 RODC out in a DMZ that will all need to use a gMSA for some software we are deploying. This is my first time ever making use of gMSAs / MSAs, and while everything went well for creation…
2
votes
1 answer

Removing MediaAdmin and ServerAdmin managed server accounts in Active Directory

Our Active Directory Domain contains two Managed Service Accounts, MediaAdmin and ServerAdmin: I don't remember adding them, and Google tells me that they are related to the Windows Server Essentials role. Their HostComputers attribute is an empty…
2
votes
0 answers

Group Managed Service Account access to network share on remote server

We've got a service running using a Group Managed Service Account on a Windows Server 2016 host (HostA). We're extending the functionality of this service so that it runs an R script which needs to access a file share \\HostB\Data on another Windows…
1
vote
1 answer

Remove AD PS Module after installing gMSA on Windows Server 2012 R2

I installed a Group Managed Service Account on a Windows 2012 R2 Server. In doing so, I had to install the Active Directory module for Windows PowerShell Feature. Is it possible to uninstall that Feature now that the gMSA has been installed? Or…
1
vote
1 answer

How to find owner of an AWS account with account number

I inherited a couple of AWS environments. I have been recently doing security audits of S3 and found several policies with principals containing AWS account numbers I don't know, and nobody at my company is familiar with them either. So I want to…
1
vote
0 answers

IIS App Pool won't start with gMSA identity if it is first used after the number of days in msDS-ManagedPasswordInterval

We have been using Group Managed Service Accounts (gMSAs) in our environment without issues until recently. We deployed several apps to production where the gMSAs had been created about 60 days ago but had not yet been used. On the gMSA's…
1
vote
1 answer

Schedule Windows Task with Managed Service Account on DC

I have downloaded a script from TechNet and I am scheduling this with the MSA (Managed Service Account) on a DC. I get the error Task Scheduler launched "{!@#!#!@#}" instance of task "\TasknamE" for user "MSA$" . Task Scheduler failed to start…
1
vote
1 answer

Difference between Managed Service Account and Non Interactive Server Account in AD

Just out of curiosity; also, I couldn't find the answers to this anywhere. I am learning AD LDAP and came across a scenario for using a non-interactive service account for binding LDAP. I am not able to understand the uses of these account types. Any…
user780742
1
vote
1 answer

Group Managed Service Accounts (GMSA) and Read-Only Domain Controllers (RODC)

We have RODC in a DMZ site and we would like to use GMSA, but the problem is that since domain controllers are read-only, it seems that I have to set a password at the creation of a new account such as: New-ADServiceAccount -name STEST01_gmsa…
user219241
1
vote
1 answer

Running PowerShell as service account without logon privilege

I'm trying to run a PowerShell script as a service account via Task Scheduler. It has to run as the service account (rather than the local system) to get required permissions to do some of the tasks. For security purposes, all service accounts in…
0
votes
0 answers

Can a gMSA be used with Centralized Certificates?

I'm planning a rollout of IIS Centralized Certificates (on Windows 2016 servers), and attempting to determine if this would support a Group Managed Service account, or if I have to go with a regular domain or local account. I've searched for a few…
0
votes
2 answers

Managed hosting, VPS & RAM - Virtual Memory?

I'm talking to a web host that's just starting up. They have shared hosting and managed VPS's. With shared hosting I understand that they have a script checking if a process goes over memory limits and if so, the process is killed. Similarly, for…
Diagon
0
votes
1 answer

SQL Server with MSA cannot write to UNC share

I have SQL Server 2012 running in an Active Directory Domain environment. I set up a Managed Service Account for the SQL services to run under, as per this document. Since my domain functional level is 2008, it's a regular MSA and not a gMSA…
0
votes
1 answer

Added SQL Server 2008 R2 to domain, can't send email

I had a standalone machine running SQL Server 2008 R2 that I joined to a domain. I set up an MSA and set all of the SQL services to log in under it. I can access the DB remotely and run queries, but database mail doesn't work. I created a user in…