Group Managed Service Accounts
- Supported from Server 2012
- MSA's support started from Server 2008 R2.
- Supports running scheduled tasks as well as services.
- Has 120 characters long password.
- The password is automatically reset every 30 days by default.
- MSA is local to the machine while gMSA is global (domain wide) and shared with multiple machines in the same domain.
- gMSA's Passwords are managed at Key Distribution Service (KDS) on Windows Server 2012 DCs.
- AD schema needs to be upgraded to 2012.
- No forest or functional level requirement.
Reference
No comments:
Post a Comment