What's new in Active Directory
Event Ended
Tuesday, Nov 28, 2023, 10:00 AM PST
Lean in as software developers from the Active Directory software engineering team dive into the latest improvements in Active Directory. We'll cover key areas of investment including scalability, se...
Char_Cheesman
Updated Dec 27, 2024
Wayne_McIntyre
Microsoft
Nov 27, 2023
Hi Andrew,
The session will cover dMSAs briefly as well as have a link to a short demo. This was a joint effort with our Auth/Kerberos team and they will also be publishing docs on it and step-by-step instructions on usage and deployment.
The main differences between a dMSA and a gMSA are:
1. dMSAs allow migration from existing user accounts that are used for services to be superseded/migrated by a dMSA.
2. dMSAs allow the credential keys to be bound to credguard
3. dMSA keys are retrieved via Kerberos
4. dMSA passwords are never returned to the client (cannot query the attribute over LDAP) and the password is never stored locally where dMSAs are used
FiRem002295
Jul 01, 2024
Copper Contributor
How are dMSAs any different to the original MSAs (precursor to gMSAs), if these are regressing from multiple computes back to singular?
- Kumar
  Jul 02, 2024
  Occasional Reader
  To the best of my understanding, dMSAs are associated with machine identity and, when paired with Credential Guard, provide enhanced protection against credential harvesting techniques. They facilitate migration from regular service accounts (not to be confused with MSAs).