Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSFT_ADManagedServiceAccount to optionally accept an array of SPNs and also support for TrustedForDelegation #717

Open
rismoney opened this issue Aug 30, 2024 · 0 comments

Comments

@rismoney
Copy link
Contributor

rismoney commented Aug 30, 2024

Problem description

Assuming a very large number of Managed Service Account management, it is not performant to manage their SPNs and TrustedForDelegation setting independently.

There already is a separate resource for Service Principal Names, but it would be very helpful to add the ability to set the SPN attribute for the AD Managed Service Account via the MSFT_ADManagedServiceAccount directly. Also the AD User supports TrustedForDelegation.

Verbose logs

n/a

DSC configuration

n/a

Suggested solution

        ADManagedServiceAccount 'ExampleStandaloneMSA'
        {
            Ensure             = 'Present'
            ServiceAccountName = 'Service01'
            AccountType        = 'Standalone'
           **ServicePrincipalNames = @('MSSQLSvc/sqlalias.contoso.com:1433','MSSQLSvc/hostname.contoso.com:1433')
           TrustedForDelegation = $true**
        }

Operating system the target node is running

Win2022

PowerShell version and build the target node is running

5.x Win2022

ActiveDirectoryDsc version

ActiveDirectoryDsc 6.2.0
@rismoney rismoney changed the title MSFT_ADManagedServiceAccount to optionally accept an array of SPNs MSFT_ADManagedServiceAccount to optionally accept an array of SPNs and also support for TrustedForDelegation Aug 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant