Difference between Managed Service Account and Non Interactive Server Account in AD
Just out of curiosity, and because I couldn't find the answers to this anywhere: I am learning AD LDAP and came across a scenario for using a non-interactive service account for binding LDAP. I am not able to understand the uses of these account types. Any help/explanation is deeply appreciated!
Solution 1:
Managed Service Accounts are more secure than ordinary service accounts. Ordinary service accounts are normal user accounts with complex passwords used for running various server services. Managed Service Accounts are different. They can only be created with PowerShell. During their creation it must be declared on which computers they will be used. They must also be registered on the computers on which they will be used. With an MSA you as administrator do not set the account's password; the domain controller does, and the domain controller automatically changes the password regularly, the same as for computer accounts. Applications must be programmed to support them. All major database software supports them. Scheduled tasks can be created that are executed with them, but also only with PowerShell. They can be added to security groups. This is a very powerful technology for more security.
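
The workflow described in this answer, as an added example that is not part of the original answer. It assumes the group variant (gMSA) and the ActiveDirectory and ScheduledTasks modules; the account name, DNS name, group, domain, task name and script path are all hypothetical placeholders.

```powershell
# Added example: every name below is a hypothetical placeholder.
Import-Module ActiveDirectory

$AccountName = 'svc-app01'                # hypothetical gMSA name
$DnsHostName = 'svc-app01.corp.example'   # hypothetical DNS name
$HostGroup   = 'gMSA-App01-Hosts'         # hypothetical AD group holding the allowed computer accounts

# --- On a management host, with rights to create service accounts ---

# gMSA passwords are derived from a KDS root key; stop early if the forest has none.
if (-not (Get-KdsRootKey)) {
    throw 'No KDS root key found. Create one with Add-KdsRootKey before creating gMSAs.'
}

# Create the account and declare which computers may retrieve its password.
# The rotation interval can only be set at creation time.
New-ADServiceAccount -Name $AccountName `
    -DNSHostName $DnsHostName `
    -PrincipalsAllowedToRetrieveManagedPassword $HostGroup `
    -ManagedPasswordIntervalInDays 30

# --- On each computer that is a member of $HostGroup ---

# Register the account locally, then confirm this host can actually use it.
Install-ADServiceAccount -Identity $AccountName
if (-not (Test-ADServiceAccount -Identity $AccountName)) {
    throw "This computer cannot retrieve the password for $AccountName; check group membership."
}

# Scheduled task running as the gMSA. Note the trailing '$' on the account name;
# -LogonType Password tells Task Scheduler to obtain the managed password itself,
# so no credential is ever typed or stored by the administrator.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument '-NoProfile -File C:\Scripts\nightly-job.ps1'   # hypothetical script
$trigger   = New-ScheduledTaskTrigger -Daily -At '02:00'
$principal = New-ScheduledTaskPrincipal -UserId 'CORP\svc-app01$' -LogonType Password

Register-ScheduledTask -TaskName 'App01-Nightly' `
    -Action $action -Trigger $trigger -Principal $principal
```

The account also needs the "Log on as a batch job" right on the host before the task will start, and a computer newly added to the group typically has to reboot before `Test-ADServiceAccount` returns `True`.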