
Additional Accounts / gMSA Support #6

Open
deedubb opened this issue Jan 17, 2024 · 0 comments
deedubb commented Jan 17, 2024

Hello,

In https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/live/windows-server-container-tools/ServiceAccounts/CredentialSpec.psm1 we see references to "gmsa3", an account residing in a child domain. I am attempting to get gMSA working over a domain trust (not a child domain). I have created a gMSA account in the other domain; however, I cannot figure out how to configure it, and how to keep the password in keyvault.

The PowerShell script here suggests that I add the NetBIOS/DNS entry for the domain:

```yaml
credspec:
  ActiveDirectoryConfig:
    GroupManagedServiceAccounts:
      - Name: AppNpd_GMSA
        Scope: MAINDOMAIN
      - Name: AppNpd_GMSA
        Scope: maindomain.local
      - Name: AppNpd_GMSA
        Scope: TRUSTDOMAIN
      - Name: AppNpd_GMSA
        Scope: trustdomain.local
```

However, I would expect the system needs the password/secret for the account as well; no?

Is my approach wrong? Do I make multiple gmsa-spec files? Never been done/never been tested?

Any assistance would be greatly appreciated!
