In my previous blogs I talked about what Group Managed Service accounts are, what you need to have enabled in your Active Directory and the AD objects we needed before we can even think about using them to ease our SQL installation. But we are not there yet. In this blog post I will talk about further AD Actions and what you can do to install your server immediately with that GMSA account.

So… After creating the KDC keys in your Active Directory we can continue with where it all is about: creating the GMSA. Before we will create the account, we first need to create a group. This group will hold all of the computeraccounts of the servers which run the services with the gMSA acccounts. It is a good practice to follow your conventions. These conventions will merely hold naming conventions, place where your group will reside and supportable items.

Last posts I have been talking about Group Managed Service Accounts (GMSA). I will continue on that journey with this blog. Group managed Service accounts are nice, but you need to prepare it very well, otherwise you end up with a non working non supported estate. There are some things one should know before continue. It is wise to make all your steps repeatable, each time, over and over. You also should test it on a test environment first.

Like said in my previous post for TSql Tuesday, I am a big fan of automating stuff to be become secure by default. One of the measurements we have taken on my assignment is to implement Group Managed Service Accounts. But what are they? How can you use them and what are the benefits for SQL Server for example. In this post I will try to answer those questions. Back in the time that Windows 2012 was introduced, they also introduced Managed Service Accounts.