Hunt for the gMSA secrets


Group Managed Service Accounts (gMSAs) can be used to run Windows services across multiple servers within a Windows domain.

Since the launch of Windows Server 2012 R2, gMSA has been the recommended service account option for AD FS. As abusing AD FS is one of my favourite hobbies, I wanted to learn how gMSAs work.


What is gMSA?

According to Microsoft’s documentation, there are multiple options for running services:

Principals Services supported Password management Computer Ac…
