dsccommunity / ActiveDirectoryDsc

This module contains DSC resources for deployment and configuration of Active Directory Domain Services.
MIT License

MSFT_ADManagedServiceAccount to optionally accept an array of SPNs and also support for TrustedForDelegation #717

Open rismoney opened 2 months ago

rismoney commented 2 months ago

Problem description

Assuming management of a very large number of Managed Service Accounts, it is not performant to manage their SPNs and TrustedForDelegation setting independently.

There already is a separate resource for Service Principal Names, but it would be very helpful to add the ability to set the SPN attribute for the AD Managed Service Account via the MSFT_ADManagedServiceAccount directly. Also, the AD User supports TrustedForDelegation.

Verbose logs

n/a

DSC configuration

n/a

Suggested solution

        ADManagedServiceAccount 'ExampleStandaloneMSA'
        {
            Ensure                = 'Present'
            ServiceAccountName    = 'Service01'
            AccountType           = 'Standalone'
            # Proposed properties
            ServicePrincipalNames = @('MSSQLSvc/sqlalias.contoso.com:1433','MSSQLSvc/hostname.contoso.com:1433')
            TrustedForDelegation  = $true
        }

Operating system the target node is running

Win2022

PowerShell version and build the target node is running

5.x Win2022

ActiveDirectoryDsc version

ActiveDirectoryDsc 6.2.0