Forum Discussion

Copper Contributor

Feb 15, 2022

Solved

MDI GMSA Forest/Multi Domain

Trying to get a GMSA to work in Child Domain. I have it setup, working, with sensor Running in the Forest Root. I followed the advise to create a Universal Group and add Domain Controllers in Fores...

Martin_Schvartzman
Feb 16, 2022
EliOfek CHRIS_chipotle

The official statement states that the gMSAs' boundary is the domain and not the forest (https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts#BKMK_Intro)

Having said that, we've accomplished to get it to work with a domain trust but not in a root-child scenario.

CHRIS_chipotle

Copper Contributor

Feb 15, 2022

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/using-gmsa-account-in-microsoft-defender-for-identity-in-multi/ba-p/2942690

Forgot to add URL