Using gMSA for Task scheduler and Service account scenario?

EnterpriseArchitect 6,041 Reputation points
2023-03-02T00:57:27.1466667+00:00

Based on: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/service-accounts-group-managed

I'm trying to implement the gMSA for the following scenario:

  • Task Scheduler account
  • Service account (Failover Cluster, SQL Server, ADFS, Azure AD Connect, DHCP)

Would that work for the above scenarios, or will it cause some issues?

I would appreciate any assistance you can provide.


Accepted answer
  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2023-03-03T09:43:38.8+00:00

    Hi @EnterpriseArchitect ,

    Please don't forget to mark the helpful answer as accepted.

    1 person found this answer helpful.

5 additional answers

  1. Limitless Technology 44,751 Reputation points
    2023-03-02T14:38:43.5866667+00:00

    Hi. Thank you for your question and for reaching out. I’d be more than happy to help you with your query.

    This should work. But what I can suggest is to adjust your permissions, or the permissions for the gMSA, to make sure that the service account has the access it requires. In addition, it depends on your service accounts. You may need to configure Kerberos delegation so that the required authentication for the services will be provided for the gMSA.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

    1 person found this answer helpful.

  2. Mukesh Agarwal 55 Reputation points
    2024-05-30T13:00:06.68+00:00

    Hi, while running a service with a gMSA, you need to keep the password blank. However, for Task Scheduler, a blank password does not work.

    You need to create and configure the task using PowerShell if you want to run it using a gMSA. Alternatively, you can create a task with a normal account and define the parameters. Later, you can run the command below to replace the normal user account with the gMSA:

    schtasks /change /TN \test_gmsa_task /RU contoso\testgmsa$ /RP

    Note: The command is not documented in any Microsoft documents, but it does its work. However, if it does not work for some reason, you may not get support from Microsoft to troubleshoot why it does not work.

    1 person found this answer helpful.
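
The PowerShell route mentioned in the answer above, as an added example that is not part of the original post and is not Microsoft's own code. The account `contoso\testgmsa$` and the task name `test_gmsa_task` come from the post; the script path and schedule are hypothetical, and the example assumes the gMSA already exists, the ActiveDirectory module is installed, and the account holds the "Log on as a batch job" right on this host.

```powershell
# Added example: register a scheduled task that runs as a gMSA.
# Run from an elevated PowerShell session on the host that will run the task.
Import-Module ActiveDirectory          # needed for Test-ADServiceAccount

$Domain   = 'contoso'                  # from the post
$GmsaName = 'testgmsa'                 # from the post (sAMAccountName is testgmsa$)
$TaskName = 'test_gmsa_task'           # from the post
$Script   = 'C:\Scripts\Example.ps1'   # hypothetical script path

# 1. Confirm this computer is permitted to retrieve the managed password.
#    Test-ADServiceAccount returns $true or $false.
if (-not (Test-ADServiceAccount -Identity $GmsaName)) {
    throw "This host cannot use $GmsaName. Check PrincipalsAllowedToRetrieveManagedPassword on the account."
}

# 2. Define what the task runs and when (daily at 03:00 is an assumed schedule).
$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
               -Argument "-NoProfile -NonInteractive -File `"$Script`""
$trigger = New-ScheduledTaskTrigger -Daily -At '03:00'

# 3. Principal for the gMSA: LogonType Password, but no password is ever supplied.
#    The host fetches the managed password from AD itself.
#    RunLevel Limited keeps the task from running with elevated privileges.
$principal = New-ScheduledTaskPrincipal -UserId "$Domain\$GmsaName`$" `
                 -LogonType Password -RunLevel Limited

# 4. Register the task. No -User / -Password parameters are used.
Register-ScheduledTask -TaskName $TaskName -Action $action `
    -Trigger $trigger -Principal $principal

# 5. Check what was stored: UserId should be the gMSA, LogonType Password.
(Get-ScheduledTask -TaskName $TaskName).Principal |
    Format-List UserId, LogonType, RunLevel
```

Tasks registered this way cannot have their account edited in the Task Scheduler GUI without being prompted for a password, so later changes to the principal should also be made from PowerShell.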

  3. Deleted


  4. EnterpriseArchitect 6,041 Reputation points
    2023-03-27T00:37:14.73+00:00

    Hi @limitless technology & @thameur,
    How do you type in the password for gMSA when it is used as a Service account and Task Scheduler?

