Support Group Managed Service Accounts

[gbiellem]

This change adds support for the use of the Group Managed Service Accounts (GMSA) when setting up the ServiceControl service through the Management Utility.

To use a GMSA enter the domain\username including the trailing dollar sign as the ServiceAccount in the management tool and leave the password field empty.

This will only work if the service account has been setup correctly as a GMSA in Active Directory. See this blog post for a simple guide on setting up GMSA ( https://blogs.technet.microsoft.com/askpfeplat/2012/12/16/windows-server-2012-group-managed-service-accounts/)

---

Customer request:

Description: I want the Windows Service that NServiceBus.Host.exe creates
to be executed as a Group Managed Service Account. In Windows Server 2012,
you can create a special account in Active Directory called a Group Managed
Service Account (gMSA). You can use this account to host Windows Services,
IIS App Pools, Scheduled Tasks, and more. The advantage of using a gMSA is
that you don't have to know the password. In fact, no one knows the
password. When an administrator of a server creates a Windows Service
using services.msc, he (or she) can click on the login tab, type the gMSA's
UPN and leave the password blank. The server (if it is permitted to do so)
will retrieve the managed password from Active Directory. The password is
automatically changed and refreshed on a scheduled basis.

We run as many services as we can using gMSA's.

See also Particular/NServiceBus.Host#93

[johnsimons]

@sfarmar did u test this with ServiceControl and it does not work ?

[seanfarmar]

@johnsimons no i didn't test it, i put the issue in to verify/fix this

[gbiellem]

@johnsimons - it won't work, the whole idea behind GSMA is no-one knows the password.
In the SCMU and NSB host installation we require the user to provide the user name and password to setup the service.

I'll look into this as a maintainer task.

[johnsimons]

looks good @gbiellem