We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hello,
In https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/live/windows-server-container-tools/ServiceAccounts/CredentialSpec.psm1 we see references to "gmsa3" an account residing in a child domain. I am attempting to get gMSA working over a domain trust (not a child domain). I have created a GMSA account in the other domain, however, I cannot figure out how to configure it, and how to keep the password in keyvualt.
The powershell script here suggests that I add the netbios/dns entry for the domain:
credspec: ActiveDirectoryConfig: GroupManagedServiceAccounts: - Name: AppNpd_GMSA Scope: MAINDOMAIN - Name: AppNpd_GMSA Scope: maindomain.local - Name: AppNpd_GMSA Scope: TRUSTDOMAIN - Name: AppNpd_GMSA Scope: trustdomain.local
However, I would expect the system needs the password/secret for the account as well; no?
Is my approach wrong? do I make multiple gmsa-spec files? never been done/never been tested?
Any assistance would be greatly appreciated!
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hello,
In https://github.com/MicrosoftDocs/Virtualization-Documentation/blob/live/windows-server-container-tools/ServiceAccounts/CredentialSpec.psm1 we see references to "gmsa3" an account residing in a child domain. I am attempting to get gMSA working over a domain trust (not a child domain). I have created a GMSA account in the other domain, however, I cannot figure out how to configure it, and how to keep the password in keyvualt.
The powershell script here suggests that I add the netbios/dns entry for the domain:
credspec:
ActiveDirectoryConfig:
GroupManagedServiceAccounts:
- Name: AppNpd_GMSA
Scope: MAINDOMAIN
- Name: AppNpd_GMSA
Scope: maindomain.local
- Name: AppNpd_GMSA
Scope: TRUSTDOMAIN
- Name: AppNpd_GMSA
Scope: trustdomain.local
However, I would expect the system needs the password/secret for the account as well; no?
Is my approach wrong? do I make multiple gmsa-spec files? never been done/never been tested?
Any assistance would be greatly appreciated!
The text was updated successfully, but these errors were encountered: