Group managed Service

accounts ( GMSA)
Topics to be covered

 Benefits of GMSA
 Where can we configure GMSA ?
 Pre-Requisites
 How it gets implemented ?
Benefits of GMSA

 A group managed service account is a user account that provides a number of

capabilities:
 Automatic password management
Strong password of 120 characters
Password is unknown to any person
Password changes automatically on a regular schedule
Password change is automatically picked up by your application
Credential can be used across multiple computers
Automatic SPN registration
Where can we configure GMSA ?

 It can be configured on Task scheduler and Services on which Service accounts are
being used or can be used.
 It can not be used with existing created service accounts, To implement GMSA we will
need to create new service accounts and once we implement it then we can go ahead and
delete previously used service accounts.
 GMSA can not be used as user login account.
Pre-Requisites

 Need a Delegated OU.

 OU admins can create these in their OU
 Windows Server 2012 computer
 Group needs to be present to add computers (servers) to that.
How it gets implemented ?

 We need to create group of computers to associate with GMSA

 Next we need to Create GMSA & associate with group created in first step.
 Next we need to Install the GMSA on the intended computer(s)
 Configure the service, or scheduled task to use the GMSA
Questions ?
Thank you