Group Managed Service Accounts Best Practices. Thanks, but I just read a whitepaper about SQL Server 2012 security best practices from Microsoft and they say best practices for SQL Server service accounts: Best practices for installing, configuring, and maintaining SharePoint Server 2016” it is stated “this book will use a minimal service accounts to maintain the best possible performance by creating the least number of application pools in SharePoint.”
You can create a gMSA only if the forest schema has been updated to Windows Server 2012, the master root key for Active Directory has been deployed, and there is at least one Windows Server 2012 DC in the domain in which the gMSA will be created. Understanding, implementing, best practices, and troubleshooting. An Active Directory audit should include establishing the rights assigned to each account, the password strength, the last time it was reset, and whether it is a domain account, local account, managed service account (MSA), or group managed service account (gMSA).
Because service accounts are often managed manually from cradle to grave, they are prone to errors.
It seems that ideally, we would create 1 gMSA per service (e.g. In this section, we’ll list the most common recommendations for SharePoint service accounts: The PowerShell module will need to be installed on the workstation that will be used to create the accounts as well as the servers that the accounts will be used on. To prevent the compromise of all services using the same service account, each service should be using a.