Assuming a very large number of Managed Service Account management, it is not performant to manage their SPNs and TrustedForDelegation setting independently.
There already is a separate resource for Service Principal Names, but it would be very helpful to add the ability to set the SPN attribute for the AD Managed Service Account via the MSFT_ADManagedServiceAccount directly. Also the AD User supports TrustedForDelegation.
Problem description
Assuming a very large number of Managed Service Account management, it is not performant to manage their SPNs and TrustedForDelegation setting independently.
There already is a separate resource for Service Principal Names, but it would be very helpful to add the ability to set the SPN attribute for the AD Managed Service Account via the MSFT_ADManagedServiceAccount directly. Also the AD User supports TrustedForDelegation.
Verbose logs
DSC configuration
Suggested solution
Operating system the target node is running
PowerShell version and build the target node is running
ActiveDirectoryDsc version