jazzer
Copper Contributor
May 06, 2020

Medium Alert Read-only user password to expire shortly on GMSA

Hi Azure ATP Team,

My Azure ATP is configured to run with a Group Managed Service Account to read the ADDS. Why does ATP alert me about "Read-only user password to expire shortly" for a GMSA?

 

Kind Regards

Steve 

  • The fact that we even alert on gMSA accounts is a bug; you don't have anything to do in that regard...

    There is no question about it..

     

    I asked because I am trying to figure out why it pops in your case and not in others.

    By default, when you define the gMSA account, its password expiry policy is 1 month, but you can change it. My question was if you changed it to something lower than 1 month...

  • Hi jazzer 

     

    Are you still seeing the health alert on the gMSA? 

     

    Are the sensors still working? 

     

    Thanks

    Gershon [MSFT]

    • jazzer
      Copper Contributor

      Hi Gerson Levitz

       

      Yes, the alert is still active and the sensors are still working. I want the system to manage the password. I don't want to have to set the gMSA to "Password never expires"!

       

      The Medium Alert is:

      A health issue occurred in contoso

      The password for the read-only user, contoso.com\gmsa-ATPSensor$, expires on 5/29/2020 6:58:43 AM UTC. The read-only user is used by the Sensor services to perform LDAP queries against the domain controllers in the environment. If the password expires, the system will stop functioning as expected.

       

       

      • EliOfek
        Microsoft

        jazzer What is the password expiry policy for this account/domain?

        The default for gMSA is to roll passwords once a month. Any chance you changed it to something lower?
