gMSA account to bind to Microsoft AD

Rambabu Vegula 41 Reputation points
2021-07-21T16:49:29.747+00:00

Hi,

Currently we are using User DN and password to BIND to Microsoft AD with port 636 for secure connection.

We would like to use gMSA accounts to BIND instead of specifying the User DN and Password to eliminate the overhead of updating the credentials at regular intervals.
At a high-level the same way we use gMSA accounts to connect to Database with Database driver.

Is there a possibility to achieve this?

Regards,
Rambabu


Accepted answer
  1. Pierre Audonnet - MSFT 10,181 Reputation points Microsoft Employee
    2021-07-22T01:38:59.957+00:00

    In theory yes.

    But you cannot use a bind method that requires providing a password. If you are using a DN, it makes me think you are using a simple bind. gMSA accounts can't do a simple bind as they can do logons that require a password to be provided. You would have to change the way your application works. If the application runs as a Windows service, you could configure the service to run with the gMSA and then have the code use GSS-API (and Kerberos or NTLM) to bind to your domain controllers as opposed to a simple bind.
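The bind change described in the accepted answer, as an added example that is not part of the original thread or Microsoft's own code: a Negotiate bind over LDAPS that authenticates as whatever identity the process runs under (for instance a service configured to run as a gMSA), with no DN or password in the code. The host name `dc01.example.com` and the function names are assumptions made for illustration.

```powershell
# Added example: Negotiate (Kerberos/NTLM) bind over LDAPS using the identity
# of the current process, e.g. a Windows service configured to run as a gMSA.
# 'dc01.example.com' is a placeholder host name, not taken from the thread.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Connect-LdapAsCurrentIdentity {
    param(
        [Parameter(Mandatory)] [string] $Server,   # use the DC's FQDN so the SPN and TLS certificate match
        [int] $Port = 636
    )
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)

    # Negotiate goes through SSPI with the process token; no DN and no password are supplied.
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $true   # TLS on port 636
    # Leave SessionOptions.Signing/Sealing off: AD does not permit SASL-layer
    # signing or encryption on a connection that is already protected by TLS.

    $conn.Bind()   # throws LdapException if the bind fails
    return $conn
}

function Get-LdapBoundIdentity {
    param(
        [Parameter(Mandatory)]
        [System.DirectoryServices.Protocols.LdapConnection] $Connection
    )
    # LDAP "Who am I?" extended operation (RFC 4532), which AD supports.
    $req  = [System.DirectoryServices.Protocols.ExtendedRequest]::new('1.3.6.1.4.1.4203.1.11.3')
    $resp = [System.DirectoryServices.Protocols.ExtendedResponse] $Connection.SendRequest($req)
    [System.Text.Encoding]::UTF8.GetString($resp.ResponseValue)
}

$conn = Connect-LdapAsCurrentIdentity -Server 'dc01.example.com'
try {
    # Confirms which account the directory sees after the bind.
    Get-LdapBoundIdentity -Connection $conn
} finally {
    $conn.Dispose()
}
```

Running this from the service's own context and checking the returned identity verifies that the bind used the service account rather than a stored credential.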

