Are Group Managed Service Accounts Supported?

 Problem

Is it supported to use group managed service accounts (gMSA) in PeopleSync?

 Solution

From release 22.2 on, there is limited support for group managed service accounts (gMSA) in PeopleSync. They can only be used for the account running the PeopleSync service.

Group managed service accounts cannot be used for accounts configured in the PeopleSync console, such as service accounts and action accounts.

Before running setup, verify that the gMSA can be used on the PeopleSync Backend server with this PowerShell command:

Test-ADServiceAccount -Identity <AccountName>
# Example: Test-ADServiceAccount -Identity psserviceMSA

During setup, enter the gMSA like this:

  1. Enter the service account’s sAMAccountName in the “User Name” field. Do not forget to add the dollar sign at the end. In the “Netbios Domain” field, enter the NetBIOS domain name. Leave the “Password” field empty.

  2. There will be a warning stating that the account is invalid. Ignore this warning and continue setup.

After setup has completed, verify in the Services snap-in on the Backend Server that the PeopleSync Service is running and that it is using the gMSA specified.

As an alternative method, you can use a regular account during installation and switch to a gMSA after installation in the Services snap-in.

In this case, you need to grant data_reader and data_writer permissions for the gMSA in the SQL Server database.
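The pre-setup check and the post-setup verification described above can be scripted together; the following PowerShell is an added example, not code from messageconcept or PeopleSync. The domain name `CONTOSO` and the `*PeopleSync*` display-name filter are assumptions (placeholders), so adjust them to your environment and run the script on the Backend server.

```powershell
#Requires -Modules ActiveDirectory
# Added example: checks a gMSA before setup and the service logon account after setup.
param(
    [string]$GmsaName      = 'psserviceMSA',  # example name from the article, without the trailing $
    [string]$NetbiosDomain = 'CONTOSO',       # placeholder NetBIOS domain (assumption)
    [string]$ServiceFilter = '*PeopleSync*'   # assumption: service display name contains "PeopleSync"
)

# --- Before setup: can this host retrieve the gMSA's managed password? ---
$usable = Test-ADServiceAccount -Identity $GmsaName
if (-not $usable) {
    # Show which principals are allowed to retrieve the password, so a missing
    # host or host group is visible at a glance.
    $acct = Get-ADServiceAccount -Identity $GmsaName `
                -Properties PrincipalsAllowedToRetrieveManagedPassword
    Write-Warning "gMSA '$GmsaName' cannot be used on $env:COMPUTERNAME. Allowed principals:"
    $acct.PrincipalsAllowedToRetrieveManagedPassword | ForEach-Object { "  $_" }
    return
}
Write-Output "gMSA '$GmsaName' can be used on $env:COMPUTERNAME."

# --- After setup: is the service running under the gMSA? ---
# The value entered in setup is the sAMAccountName, which ends with a dollar sign.
$expected = $NetbiosDomain + '\' + $GmsaName + '$'

$services = @(Get-CimInstance -ClassName Win32_Service |
                Where-Object { $_.DisplayName -like $ServiceFilter })
if ($services.Count -eq 0) {
    Write-Warning "No service matching '$ServiceFilter' found (setup not run yet, or filter is wrong)."
    return
}

foreach ($svc in $services) {
    [pscustomobject]@{
        Service     = $svc.Name
        LogonAs     = $svc.StartName   # usually DOMAIN\name$; compare by eye if shown in another form
        State       = $svc.State
        MatchesGmsa = ($svc.StartName -ieq $expected) -and ($svc.State -eq 'Running')
    }
}
```

A `MatchesGmsa` value of `False` with `State` `Running` means the service is still running under a different account than the gMSA you specified.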


© 2010-2024 messageconcept GmbH / messageconcept software GmbH