Using gMSA for Task scheduler and Service account scenario?

Question

Based on: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/service-accounts-group-managed

I'm trying to implement the gMSA for the following scenario:

• Task Scheduler account
• Service account (Failover Cluster, SQL Server, ADFS, Azure AD Connect, DHCP)

Would that be working for the above scenario or will cause some issues?

I would appreciate any assistance you can provide.

Answer 1

Hi @EnterpriseArchitect ,

• Task Scheduler account => GMSA is supported
• Failover Cluster => is not supported : Group Managed Service Accounts Overview
  
• SQL Server => GMSA is supported
• ADFS => GMSA is supported : Creating an AD FS Farm without domain admin privileges
• Azure AD Connect => you can use GMSA , I alreday use it in my infra
• DHCP => GMSA is not supported

Please don't forget to mark helpful answer as accepted

Answer 2

Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query

This should work. But what I can suggest is try to adjust your permission or the permission for the gMSA to make sure that the service account required access has it. In addition, it depends on your service accounts. You maybe need configuring Kerberos delegation so that the required authentication for the services will be provided for the gMSA.

If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

Answer 3

Hi @limitless technology & @thameur,
How do you type in the password for gMSA when it is used as a Service account and Task Scheduler?