Using gMSA for Task scheduler and Service account scenario?

EnterpriseArchitect 5,406 Reputation points
2023-03-02T00:57:27.1466667+00:00

Based on: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/service-accounts-group-managed

I'm trying to implement the gMSA for the following scenario:

  • Task Scheduler account
  • Service account (Failover Cluster, SQL Server, ADFS, Azure AD Connect, DHCP)

Would that be working for the above scenario or will cause some issues?

I would appreciate any assistance you can provide.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,228 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,642 questions
Windows Server Management
Windows Server Management
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Management: The act or process of organizing, handling, directing or controlling something.
440 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,851 questions
Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
551 questions
0 comments No comments
{count} votes

Accepted answer
  1. Thameur-BOURBITA 33,006 Reputation points
    2023-03-03T09:43:38.8+00:00

    Hi @EnterpriseArchitect ,

    Please don't forget to mark helpful answer as accepted

    1 person found this answer helpful.

5 additional answers

Sort by: Most helpful
  1. Limitless Technology 44,401 Reputation points
    2023-03-02T14:38:43.5866667+00:00

    Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query

    This should work. But what I can suggest is try to adjust your permission or the permission for the gMSA to make sure that the service account required access has it. In addition, it depends on your service accounts. You maybe need configuring Kerberos delegation so that the required authentication for the services will be provided for the gMSA.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

    1 person found this answer helpful.

  2. Mukesh Agarwal 15 Reputation points
    2024-05-30T13:00:06.68+00:00

    Hi, while running service with GMSA, you need to keep the password blank. However, for task scheduler blank password does not work.

    You need to create, configure task using PowerShell if you want to run it using GMSA. Also, you can create a task with normal account and define parameters. Later, you can run the command below to replace the normal user account with GMSA

    schtasks /change /TN \test_gmsa_task /RU contoso\testgmsa$ /RP

    Note: The command is not documented in any Microsoft documents but it does it's work. However, if it does not work for some reason, you may not get support from Microsoft to troubleshoot why it does not work.

    1 person found this answer helpful.

  3. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

  4. EnterpriseArchitect 5,406 Reputation points
    2023-03-27T00:37:14.73+00:00

    Hi @limitless technology & @thameur,
    How do you type in the password for gMSA when it is used as a Service account and Task Scheduler?


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.