If you’re a SQL Server guy maybe it’s not a very surprising fact, but to me it is.
I have been using gMSAs quite often since they were introduced with Server 2012, almost always for SQL Server services.
I missed the older MSAs – Managed Service Accounts (or standalone/sMSAs, as they have been known since last year) and never used them when they came along with Server 2008 R2.
But a couple of days ago I came across a blog entry, written in February 2014, where one of the SQL team members said it’s actually not supported to use gMSAs for SQL Servers. Huh.
I had never read anything like that and couldn’t believe I had overlooked something like that.
Recommendations for service accounts are usually one of the first things to come up.
So I started digging.
And hey… there are several different pieces of information, or not very specific stuff, across the official documentation and the blog entries for Server 2012 and SQL Server 2012 (and 2008 R2/2014 as well).
You have to dig deep and read everything you can get to know about that “issue”.
In 2012 I started with this blog entry:
This article was corrected; SQL is highlighted and it now refers to the article from the SQL Team Blog above.
But the main part about the task scheduler, “Using a gMSA for a Scheduled Task”, is still there.
Managed Service Accounts, as the predecessor of gMSAs, have a support matrix, and SQL as well as the task scheduler aren’t supported.
| Microsoft IIS | Yes | You can configure IIS application pools to run managed service accounts. |
| Microsoft SQL Server | No | |
And gMSAs? Where’s the table/support matrix?
I don’t know. I couldn’t find that for gMSA.
The SQL 2012 documentation (2014 and 2008 R2 look pretty much the same) is absolutely silent about that.
Nothing about 2012/R2 or gMSAs…
Default accounts are explained but the recommendations are… seriously? 0o
Click on virtual account…
I could find some recommendations, as well as scenarios that are definitely not supported and not working.
A common use of a gMSA for a group of non-clustered SQL Servers works but is not supported.
At the end…
If you believe the benefits outweigh the risks of an unsupported configuration, you could continue to use gMSAs with the understanding you will need to change to a supported configuration if you need support. Personally, I would stick with the supported account types.
and a referenced link from Andreas Wolter