Stack Overflow
Stack Overflow

Questions tagged [gmsa]

gMSA - Group Managed Service Account is a feature introduced in Windows Server 2012. It allows for configured hosts to use the user without the password.

32 questions
4
votes
0 answers

Connecting to SQL Server with Integrated Security within Windows container

I am working on being able to connect services hosted within a Windows container to SQL Server using Integrated Security. As per the Microsoft documentation, I have created a grouped managed service account (gMSA), credentials spec and my container…
Prtpl
  • 59
  • 4
4
votes
0 answers

Running aspnet core in docker with sql server integrate security

I'm working on getting an aspnet core app running in docker using gMSA. I've created a security group, created a gMSA, and created a credentials spec file using this article -…
mccow002
  • 6,754
  • 3
  • 26
  • 36
4
votes
1 answer

Where is the MSA operational log?

I have created a gMSA like this: New-ADServiceAccount -name Cust00000 -DNSHostName Cust00000.domain.com -PrincipalsAllowedToRetrieveManagedPassword "IIS_IUSRS" -ManagedPasswordIntervalInDays 60 And life seems to be good. However, when I run…
sirdank
  • 3,351
  • 3
  • 25
  • 58
3
votes
1 answer

Use gMSA account in TFS pipeline

Can we use gMSA account in TFS Release pipeline? I am trying to use gMSA account for 'Windows Machine File Copy' task but since I don't have the password for gMSA account, I specify an empty string. But when I run, I get the following…
kapd
  • 639
  • 1
  • 7
  • 20
3
votes
0 answers

Run AspNet Core app in docker using GMSA

I'm trying to use GMSA for SQL connection from AspNet core application. All the prep steps are done, but it appears it does not work. I guess the reason is that the application is started with "dotnet.exe myapp.dll" and it is not using LocalSystem…
Sunny Milenov
  • 21,990
  • 6
  • 80
  • 106
2
votes
1 answer

Creating a service with a gMSA account using New-Service

Is it possible to use the New-Service command to create a service using a gMSA account? I tried creating the credentials with a blank password but it fails because ConvertTo-SecureString expects the string to not be empty. $password =…
Max Young
  • 1,522
  • 1
  • 16
  • 42
2
votes
2 answers

Start PowerShell As A Group Managed Service Account

How do I start PowerShell with a gMSA account. I right click on the PowerShell icon, run as different user, then input domain\msa$ with no password. It errors out about credentials being incorrect. I've installed the service account on the machine…
Crust3
  • 493
  • 1
  • 6
  • 19
2
votes
1 answer

Deploy gMSA account as task scheduler user account

I am trying to create a task on windows 2016 server, and need to deploy gMSA account as the log on account and below is the script i am using, i need to ensure that the option- "Run whether user is logged or not" gets selected,what change should be…
Avinash Mvrick
  • 25
  • 1
  • 1
  • 6
2
votes
2 answers

Issue getting credential spec (gMSA) working in docker-compose

I have a gMSA credential spec working with docker run but not with docker-compose. Details for the compose file and the docker run command are below. I'm completely lost as to what I'm missing. I did a lot of googling and I'm not sure what's going…
Daniel W
  • 41
  • 2
2
votes
1 answer

Can we Impersonate gMSA account in Delphi?

I need to use gMSA account to connect SQL Server from my delphi application. So, can I use delphi's LogonUser() to get handle to impersonate this gMSA account? If yes, what password I need to supply as an argument to this LogonUser()? Please advise.
D. Venkata Naresh
  • 361
  • 2
  • 14
2
votes
2 answers

Can gMSA be used between trusted domains?

Can gMSA accounts be used across two trusted domains? Say there is a DomainA which has gMSA account, and security group that is allowed to retrieve password for the gMSA account. And there is a server that belongs to DomainB that is part for…
Stanislaw Wozniak
  • 37
  • 1
  • 2
2
votes
0 answers

Make a call with a gMSA account

My system administrator made a gMSA for me to use with my work with containers. I am able to do the simple things with it (like test that it is working correctly). But I cannot figure out how to use it for more than hosting and such. How can I…
Vaccano
  • 78,325
  • 149
  • 468
  • 850
1
vote
1 answer

Use gMSA for Hashicorp Vault mssql credential rotation

I want to start using Vault to rotate credentials for mssql databases, and I need to be able to use a gMSA in my mssql connection string. My organization currently only uses Windows servers and will only provide gMSAs for service…
Max B
  • 11
  • 1
1
vote
0 answers

How to make Kubernetes container/pod running as GMSA account work with SQL Server FILESTREAM table

We have the following setup in our infrastructure: ASP.NET Core service running in a Windows container/pod running in Kubernetes on a domain-joined Windows host (we have tested with both nano and server-core images) Followed the documentation on…
Himanshu Swami
  • 41
  • 5
1
vote
0 answers

Execute commands using gMSA account

I need to fetch the VM details using gMSA account $Username = 'domain\gMSA-Auto$' Connect-VIServer -server 192.xxx.xxx.xxx -User $Username Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false Set-PowerCLIConfiguration…
Empty Coder
  • 589
  • 6
  • 19
1
2 3