Return
-
Title
Allow a blank user name and password in the connection configuration for AD -
Description
In order to use an Active Directory Group Managed Service Account (gMSA), it must be possible to leave the user name and password blank in the configuration of an Active Directory (AD) connection, thus forcing authentication via the currently logged on user. The sync editor and AD connection configuration do not allow this. -
Cause
This is a product defect (#32693). -
Resolution
WORKAROUND: None
STATUS: This is fixed in version 8.1.3 and above. For older versions, please contact Support and ask for a copy of the fix for 32693. -
Change Request
32693 -
Additional Information
After upgrading to version 8.1.3, 8.2.0, or higher, If a gMSA is needed for running the sync, configure the job service to run as gMSA and leave the credentials of the component empty. The sync component itself cannot retrieve the credentials of the gMSA at runtime.