September 27, 2019 at 6:51 pm
How many people out there have had success or issues with managed service accounts for SQL Server? Looking at consolidation of about 1000 servers and 4 domains.
September 27, 2019 at 11:52 pm
In my shop we use group managed service accounts (GMSA) for ALL SQL instances (over 800 of them), one per service per server.
Works great and no issues with it.
so server A would have
This allows for total segregation of roles as well as automation, as you know each service will have the exact naming after replacing the SERVERID with what is decided to be the server name.
For example, if someone names their servers as a combination of environment and a sequence, for server PRD_1234 the gMSA could be named
GMSA_1234_SQL$
Do not use the same account for all servers, as a principle of least privilege.
September 30, 2019 at 12:23 pm
We do broadly the same as Frederico. Servers which are clustered together for AGs share gMSAs but otherwise they are unique.
I would not use one account across the entire estate.
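Added example, not from any poster in this thread: a PowerShell sketch of the one-gMSA-per-service-per-server pattern described above, with password retrieval limited to the named hosts (a single server, or the nodes of one AG cluster). The function names, the `corp.example` domain, the name-derivation rule and the 15-character length check are assumptions for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Get-GmsaName and New-ServerGmsa are hypothetical helpers,
# not part of the ActiveDirectory module.

function Get-GmsaName {
    param(
        [Parameter(Mandatory)][string]$ServerName,  # e.g. PRD_1234
        [Parameter(Mandatory)][string]$Service      # e.g. SQL
    )
    # Assumed rule: server ID is the part after the last underscore (PRD_1234 -> 1234).
    $serverId = ($ServerName -split '_')[-1]
    $name = 'GMSA_{0}_{1}' -f $serverId, $Service.ToUpper()
    # Assumed limit: name plus trailing '$' must fit in 15 characters.
    if (($name.Length + 1) -gt 15) {
        throw "gMSA name '$name`$' is longer than 15 characters"
    }
    return $name
}

function New-ServerGmsa {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # One server, or every node of one AG cluster that shares the account.
        [Parameter(Mandatory)][string[]]$ServerName,
        [Parameter(Mandatory)][string]$Service,
        [Parameter(Mandatory)][string]$DomainFqdn
    )
    # For a cluster, the name is derived from the first node listed (assumption).
    $name = Get-GmsaName -ServerName $ServerName[0] -Service $Service

    # Only these computer accounts may retrieve the managed password,
    # so a compromised host exposes its own service account and no other.
    $hosts = $ServerName | ForEach-Object { Get-ADComputer -Identity $_ }

    if ($PSCmdlet.ShouldProcess($name, 'Create gMSA')) {
        New-ADServiceAccount -Name $name `
            -DNSHostName "$name.$DomainFqdn" `
            -PrincipalsAllowedToRetrieveManagedPassword $hosts `
            -KerberosEncryptionType AES128, AES256 `
            -Description "SQL Server $Service service on $($ServerName -join ', ')"
    }
}

# Dry run for the server named in the thread (domain is a constructed placeholder):
# New-ServerGmsa -ServerName 'PRD_1234' -Service SQL -DomainFqdn 'corp.example' -WhatIf
```

On each listed server, `Test-ADServiceAccount` confirms that the host can actually retrieve the account's password before the SQL Server service is switched over to it.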