My Blogs

December 27, 2020

So… After creating the KDC keys in your Active Directory we can continue with where it all is about: creating the GMSA. Before we will create the account, we first need to create a group. This group will hold all of the computeraccounts of the servers which run the services with the gMSA acccounts. It is a good practice to follow your conventions. These conventions will merely hold naming conventions, place where your group will reside and supportable items. In my case, I will just create a group named “” This is the group which will hold all the SQL…

December 27, 2020

Last posts I have been talking about Group Managed Service Accounts (GMSA). I will continue on that journey with this blog. Group managed Service accounts are nice, but you need to prepare it very well, otherwise you end up with a non working non supported estate. There are some things one should know before continue. It is wise to make all your steps repeatable, each time, over and over. You also should test it on a test environment first. You can create a simpel test environment on your laptop with Lability or just with hyper-v enabled. It is up to…

December 27, 2020

Like said in my previous post for TSql Tuesday, I am a big fan of automating stuff to be become secure by default. One of the measurements we have taken on my assignment is to implement Group Managed Service Accounts. But what are they? How can you use them and what are the benefits for SQL Server for example. In this post I will try to answer those questions. Back in the time that Windows 2012 was introduced, they also introduced Managed Service Accounts. Those managed Service accounts could be created in a OU in Active Directory. Per server you…


Maroli ICT MenuLogo

Neem contact met ons op: