How do I use long names to refer to Group Managed Service Accounts (gMSA)?

Commonly domain user accounts are used as service accounts.

Yes, and no. Domain user accounts are commonly used as service logon accounts. This specific use of user accounts is not really the same as a Managed Service Account.


Anyways, the Managed Service Account object class does in fact have a userPrincipalName, but it doesn't seem to get populated by default when you create a new managed service account.

The New-ADServiceAccount cmdlet accepts a parameter called OtherAttributes which allows you to set account attributes by LDAP Display Name:

New-ADServiceAccount -Name longName -sAMAccountName truncname -OtherAttributes @{'userPrincipalName'="[email protected]"}
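
An added example, not part of the original answer: a wrapper around the same New-ADServiceAccount call that sets userPrincipalName at creation, reads the attribute back, and lists existing managed service accounts where it is still empty. The function name New-LongNameGmsa, the sample account and group names, the DNSHostName value, and the 15-character sAMAccountName limit are assumptions.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights to create gMSAs.
Import-Module ActiveDirectory

function New-LongNameGmsa {               # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $LongName,     # used as the CN and the UPN prefix
        [Parameter(Mandatory)] [string]   $SamName,      # short name, without the trailing '$'
        [Parameter(Mandatory)] [string[]] $AllowedHosts  # principals allowed to retrieve the password
    )

    # Keep the name to a conservative character set so it is safe inside an LDAP filter.
    if ($LongName -notmatch '^[A-Za-z0-9._-]+$') {
        throw "LongName '$LongName' contains characters outside A-Z, a-z, 0-9, '.', '_', '-'."
    }
    # Assumption: a gMSA sAMAccountName may hold at most 15 characters before the '$'.
    if ($SamName.Length -gt 15) {
        throw "sAMAccountName '$SamName' is longer than 15 characters."
    }

    $dnsRoot = (Get-ADDomain).DNSRoot
    $upn     = "$LongName@$dnsRoot"

    # Do not create a second object carrying the same UPN.
    if (Get-ADObject -LDAPFilter "(userPrincipalName=$upn)") {
        throw "userPrincipalName '$upn' is already in use."
    }

    if ($PSCmdlet.ShouldProcess($upn, 'Create gMSA')) {
        $acct = New-ADServiceAccount -Name $LongName -SamAccountName $SamName `
            -DNSHostName "$LongName.$dnsRoot" `
            -PrincipalsAllowedToRetrieveManagedPassword $AllowedHosts `
            -OtherAttributes @{ userPrincipalName = $upn } -PassThru

        # Read the attribute back to confirm it was populated.
        Get-ADServiceAccount -Identity $acct -Properties userPrincipalName |
            Select-Object Name, SamAccountName, UserPrincipalName
    }
}

# Existing managed service accounts whose userPrincipalName was never populated.
function Get-GmsaWithoutUpn {             # hypothetical helper name
    Get-ADServiceAccount -Filter * -Properties userPrincipalName |
        Where-Object { -not $_.userPrincipalName } |
        Select-Object Name, SamAccountName, DistinguishedName
}

# Constructed sample values; run with -WhatIf first to see what would be created.
# New-LongNameGmsa -LongName 'svc-reporting-backend-prod' -SamName 'svcRptBackend' -AllowedHosts 'AppServers' -WhatIf
# Get-GmsaWithoutUpn
```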