Forum Discussion
Defender ATP doesnt remove old service account when switched te new account
Good day all, Last week i wanted to setup a gmsa account instead of a user account for ATP Defender for identity service. I had a test account which i later changed to the new one. The new gMS...
Thanks for your quick reply! unfortunatly the alert immediatly re-opens when i close the alert.
EliOfek
Microsoft
Microsoftthis account is no longer in the credentials list in the MDI portal ? can you make sure?
are all sensors currently reporting healthy ?
is it possible not all sensors can pull the gmsa's password for the new credentials ?
are all sensors currently reporting healthy ?
is it possible not all sensors can pull the gmsa's password for the new credentials ?
Correct. All sensors installed and confirmed as "running" ands report healthy. The current account is working.
I did a test just to switched to a non-existing account and switch back to the current working account.
And now two accounts reports credential failures, even though they are not existing and not selected as account.
I can also confirm that all dc's are in the gmsa group for receiving password.
- EliOfekWeird, this seems too challenging for a forum troubleshooting, please open a support case for this one, so the engineer can collect sensor logs and check why the sensors keep using the old credentials.
- Oke, i will do that!And thanks anyway for your efforts!
