🤔 Problem
Is it supported to use group managed service accounts (gMSA) in PeopleSync?
🌱 Solution
From release 22.2 on, a group managed service account (gMSA) can be used only for the account running the PeopleSync service.
Group managed service accounts cannot be used for accounts configured in the PeopleSync console, such as service accounts and action accounts.
Before running setup, verify that the gMSA can be used on the PeopleSync Backend server by running this PowerShell command on that server:
Test-ADServiceAccount -Identity <AccountName> #Example: Test-ADServiceAccount -Identity psserviceMSA
During setup, enter the gMSA like this:
Enter the service account’s sAMAccountName in the “User Name” field. Do not forget to add the dollar sign at the end. In the “Netbios Domain” field, enter the NetBIOS domain name. Leave the “Password” field empty.
There will be a warning stating that the account is invalid. Ignore this warning and continue setup.
After setup has completed, verify in the Services snap-in on the Backend Server that the PeopleSync Service is running and that it is using the gMSA specified.
As an alternative installation method, you can install using a regular account and then later switch to a gMSA in the Services snap-in.
In this case, you need to grant data_reader and data_writer permissions for the gMSA in the SQL Server database.
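The pre-setup check and the post-setup verification described above can be scripted for either installation method. The following is an added example, not vendor-supplied code; the NetBIOS domain `CONTOSO` and the service display-name pattern `*PeopleSync*` are assumptions to replace with your own values.

```powershell
# Added example. Values below are assumptions to replace with your own.
$GmsaName      = 'psserviceMSA'   # gMSA from the article's example, no trailing $
$NetbiosDomain = 'CONTOSO'        # placeholder NetBIOS domain name
$ServiceFilter = '*PeopleSync*'   # assumed display-name pattern, confirm in the Services snap-in

Import-Module ActiveDirectory -ErrorAction Stop

# Before setup: can this server retrieve the gMSA's managed password?
if (-not (Test-ADServiceAccount -Identity $GmsaName -WarningAction SilentlyContinue)) {
    # List who is allowed to retrieve the password to help find the cause.
    $allowed = (Get-ADServiceAccount -Identity $GmsaName `
        -Properties PrincipalsAllowedToRetrieveManagedPassword).PrincipalsAllowedToRetrieveManagedPassword
    Write-Warning "Principals allowed to retrieve the password: $($allowed -join '; ')"
    throw "gMSA '$GmsaName' cannot be used on $env:COMPUTERNAME."
}

# After setup: is the service running, and under the expected gMSA?
$expected = '{0}\{1}$' -f $NetbiosDomain, $GmsaName
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like $ServiceFilter })

if ($services.Count -eq 0) {
    Write-Warning "No service matches '$ServiceFilter'. Run this part again after setup."
}
foreach ($svc in $services) {
    [pscustomobject]@{
        Service  = $svc.DisplayName
        State    = $svc.State
        RunsAs   = $svc.StartName
        UsesGmsa = ($svc.StartName -eq $expected)
        Healthy  = ($svc.State -eq 'Running' -and $svc.StartName -eq $expected)
    }
}
```

Run it on the Backend server in a session with the ActiveDirectory module available; a `Healthy` value of `False` means the service is either stopped or still running under a different account.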