How can we improve Active Directory in Windows Server?

← Active Directory

Allow group managed service Accounts (gMSA) to have a dummy password

It's 2017 and there's still Server Software (even microsoft's own - like TFS), which is not able to handle gMSAs, because the password field is mandatory.
Since that software probably uses windows function to sign-in as such a user, it would be nice to have a mechanism, which allowed us to just use a dummy password for such an account - like "groupManaged" or "-" whatever else.

So perhaps this is possible, that Windows Server introduces a mechanism allowing to type a password in the mandatory password fields, which signalizes the same as an empty password for gMSAs.

1 vote
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Thomas Glatzer shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Ryan Bolger commented  ·   ·  Flag as inappropriate

    If I understand correctly, you're essentially asking for an option to set a "fake" password on a gMSA that AD will accept as valid, but not actually give you a valid auth token for?

    Wouldn't that just break a bunch of apps who explicitly try to use the fake password when they authenticate with the account, think they've succeeded, and then fail to do what they want to do?

Active Directory: Logon, Passwords

Categories

Feedback and Knowledge Base

(thinking…)