-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manage gMSA (Group Managed Service Account) #54
Comments
+1 this is a major part of our current Windows deployment process. We also typically create a group that contains computers, and set the group to be the lone member of |
Working on this one |
Note about this example
This is an MSA, but not a gMSA. The For supporting MSAs, you'll also want to look at |
@jpatigny Did you manage to get anything together for this? |
This would be a neat feature, any news on this one ? |
Description
Add a resource to manage GMSA based on powershell cmdlets New-ADServiceAccount, Set-ADServiceAccount and Remove-ADServiceAccount
I'm aware that there are a lot of parameters available.
Maybe it would worth to focus on the main ones (refer to examples taken mainly from Microsoft documentation page).
Potential Terraform Configuration
Example 1: Create an enabled managed service account
Example 2: Create a managed service account and register its service principal name
Example 3: Create a managed service account for a single computer
Example 4: Create a managed service account for outbound authentication only
Example 5: Create a managed service account for specific computers.
References
https://docs.microsoft.com/en-us/powershell/module/addsadministration/new-adserviceaccount?view=win10-ps
https://docs.microsoft.com/en-us/powershell/module/addsadministration/set-adserviceaccount?view=win10-ps
https://docs.microsoft.com/en-us/powershell/module/addsadministration/remove-adserviceaccount?view=win10-ps
Community Note
The text was updated successfully, but these errors were encountered: