Currently DRA does not directly support managing MSA (Managed Service Account) or gMSA (Group Managed Service Account). These accounts provide an easier method for automatic password management and simplified SPN management. In addition, gMSAs provide the ability to be utilized on multiple hosts, leveraged with scheduled tasks and also with IIS Application Pools.
Please add support for these types of accounts in an upcoming DRA release.
MS info here
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831782(v=ws.11)
by: Frank B. | over a year ago | Integrations
Comments
Is there any news about supporting gMSA accounts in NetIQ DRA?
What are your use cases for gMSA and common functions that you are looking for support within DRA? We will be adding management of gMSA within DRA 10.1.
Hi Jeff
We create/delete our gMSA through a web GUI. The creation process creates a group defined for the gMSA itself with a special naming convention. After the group creation, we create the gMSA with the corresponding group linked. After the creation of the account, the account sometimes needs to be added to other AD groups for permission purposes on SQL servers or something else. Normally every user/group mutation will be done in DRA. And this is one key point that is not possible in the current DRA release.