The service account class is used to create accounts that are used for running Windows services. cn: ms-DS-Managed-Service-Account ldapDisplayName: msDS-ManagedServiceAccount governsId: 1.2.840.113556.1.5.264 objectClassCategory: 1 rdnAttId: cn subClassOf: computer systemPossSuperiors: domainDNS...
The group managed service account class is used to create an account that can be shared by different computers in order to run Windows services. cn: ms-DS-Group-Managed-Service-Account ldapDisplayName: msDS-GroupManagedServiceAccount governsId: 1.2.840.113556.1.5.282 objectClassCategory: 1...
2.479 Attribute msDS-SupersededManagedAccountLinkBL 2.480 Attribute msDS-SupersededServiceAccountState 2.481 Attribute msDS-SupportedEncryptionTypes 2.482 Attribute msDS-SyncServerUrl 2.483 Attribute msDS-TasksForAzRole 2.484 Attribute msDS-TasksForAzRoleBL 2.485 Attribute msDS-TasksForAzTask 2.486 Attribute m...
2.479 Attribute msDS-SupersededManagedAccountLinkBL 2.480 Attribute msDS-SupersededServiceAccountState 2.481 Attribute msDS-SupportedEncryptionTypes 2.482 Attribute msDS-SyncServerUrl 2.483 Attribute msDS-TasksForAzRole 2.484 Attribute msDS-TasksForAzRoleBL 2.485 Attribute msDS-TasksForAzTask 2.486 Attribu...
2.479 Attribute msDS-SupersededManagedAccountLinkBL 2.480 Attribute msDS-SupersededServiceAccountState 2.481 Attribute msDS-SupportedEncryptionTypes 2.482 Attribute msDS-SyncServerUrl 2.483 Attribute msDS-TasksForAzRole 2.484 Attribute msDS-TasksForAzRoleBL 2.485 Attribute msDS-TasksForAzTask 2.486 Attribute msDS...
For a given computer or user account, this attribute specifies the list of service principal names (SPN) corresponding to Windows services that can act on behalf of the computer or user account. cn: ms-DS-Allowed-To-Delegate-To ldapDisplayName: msDS-AllowedToDelegateTo ...
This attribute is the forward link from a service account to a delegated managed service account object cn:
Define function GmsaSD(), which returns thesecurity descriptorcorresponding to the policy on all msDS-GroupManagedServiceAccount object keys: static const BYTE gmsaSecurityDescriptor[] = {/* O:SYD:(A;;FRFW;;;S-1-5-9) */ 0x01, 0x00, 0x04, 0x80, 0x30, 0x00, 0x00, 0x00, 0x00, ...
2.479 Attribute msDS-SupersededManagedAccountLinkBL 2.480 Attribute msDS-SupersededServiceAccountState 2.481 Attribute msDS-SupportedEncryptionTypes 2.482 Attribute msDS-SyncServerUrl 2.483 Attribute msDS-TasksForAzRole 2.484 Attribute msDS-TasksForAzRoleBL 2.485 Attribute msDS-TasksForAzTask 2.486 Attribute...
2.479 Attribute msDS-SupersededManagedAccountLinkBL 2.480 Attribute msDS-SupersededServiceAccountState 2.481 Attribute msDS-SupportedEncryptionTypes 2.482 Attribute msDS-SyncServerUrl 2.483 Attribute msDS-TasksForAzRole 2.484 Attribute msDS-TasksForAzRoleBL 2.485 Attribute msDS-TasksForAzTask 2.486 Attribut...