![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 17%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,207 questions
Hello HarishParameswaran,
There is no specific "best practice" about this. It everything depends on the Service Accounts and what permissions they have and services are used for. The general recommendation is to audit the access of the accounts to be migrated to see if they are overprivileged, special permissions, manual ACL inclusions, etc.
You can use different 3rd Party software such as Netwrix Auditor 9 or Active Directory Service Credentials Manager to easily parse and examine that information. Though you could certainly achieve the same with several other tools, by yourself manually perusing the logs.
I would also recommend some reading to the next article and subthreads explaining regarding the usage and adoption of gMSA accounts: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/service-accounts-group-managed
-----------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--