Group Managed Service Accounts (GMSA) and Read-Only Domain Controllers (RODC)
Solution 1:
The "AccountPassword" attribute is ignored for gMSAs, it can be used for standard MSAs in scenarios like you describe where there is no writable access to a domain controller.
Quoting Microsoft docs: "In this case you should create the standalone MSA, link it with the appropriate computer account and assign a well-known password that needs to be passed when installing the standalone MSA on the server on the RODC-only site with no access to writable DCs."
https://docs.microsoft.com/en-us/powershell/module/activedirectory/install-adserviceaccount?view=winserver2012-ps#parameters