Managed Service Accounts (MSAs) have been around since Windows Server 2008 R2, with the latest incarnation of features being introduced with Windows Server 2012 R2. The Managed Service Accounts in Windows Server 2008 R2 offered two distinct features:
- Automatic Password Management (no restart needed if password changes)
- Automatic SPN registration
However, most administrators would not have considered adopting them, as a lot of limitations remained. MSAs weren't supported with applications like Exchange or SQL, could not be used to run a scheduled task and, most importantly, could not be shared across multiple hosts. In general, there was a lack of support from third-party vendors.
With Windows Server 2012, gMSAs (group Managed Service Accounts) were introduced to address these limitations, and the following features are now available:
- A single gMSA can be used on multiple hosts
- A gMSA can be used to run scheduled tasks
- A gMSA can be used for IIS Application Pools, SQL 2012 (or later) and other applications
So much for an introduction. A more detailed discussion about gMSAs can be found here: https://technet.microsoft.com/en-us/library/hh831782.aspx
Let's start by looking at setting up the required gMSAs for our SQL 2016 installation. As mentioned, a prerequisite is that there must be at least one Windows Server 2012 (or R2) DC in the domain.
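One way to verify that prerequisite before creating any accounts, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module (RSAT) is available in a domain-joined session; the function name `Test-GmsaDomainPrerequisite` is hypothetical, and the KDS root key check goes beyond the prerequisite stated above (gMSA passwords are derived from that key).

```powershell
# Added example: check the domain-side prerequisites for gMSAs.
# Assumes the ActiveDirectory module is installed; function name is hypothetical.
Import-Module ActiveDirectory

function Test-GmsaDomainPrerequisite {
    # Windows Server 2012 reports OS version 6.2, 2012 R2 reports 6.3.
    $minimum = [version]'6.2'

    $dcs = Get-ADDomainController -Filter * | ForEach-Object {
        # OperatingSystemVersion looks like "6.3 (9600)"; keep the numeric part.
        $ver = $null
        if ($_.OperatingSystemVersion) {
            $ver = [version](($_.OperatingSystemVersion -split ' ')[0])
        }
        [pscustomobject]@{
            HostName        = $_.HostName
            OperatingSystem = $_.OperatingSystem
            Version         = $ver
            SupportsGmsa    = ($null -ne $ver) -and ($ver -ge $minimum)
        }
    }

    # A KDS root key must exist and already be effective before a gMSA
    # password can be generated. Get-KdsRootKey ships with Server 2012+.
    $usableKeys = @()
    if (Get-Command Get-KdsRootKey -ErrorAction SilentlyContinue) {
        $usableKeys = @(Get-KdsRootKey |
            Where-Object { $_.EffectiveTime -le (Get-Date) })
    }

    [pscustomobject]@{
        DomainControllers = $dcs
        HasCapableDc      = [bool]($dcs | Where-Object SupportsGmsa)
        HasUsableKdsKey   = $usableKeys.Count -gt 0
    }
}

$result = Test-GmsaDomainPrerequisite
$result.DomainControllers | Format-Table -AutoSize
if (-not $result.HasCapableDc) {
    Write-Warning 'No Windows Server 2012 (or later) DC found in the domain.'
}
if (-not $result.HasUsableKdsKey) {
    Write-Warning 'No effective KDS root key found; gMSA creation will fail.'
}
```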