Tuesday 9 December 2014

AD Managed Service accounts vs SharePoint Managed Accounts


So sometimes I get the following question from a customer:
“Can I use Managed Service Accounts with SharePoint?”
My answer is:
“What exactly do you mean?”
As the title of this post already gave away, there are 2 different types of Managed Accounts in the Microsoft ecosystem, being:
  1. Active Directory Managed Services Accounts
    The managed service account is designed to provide crucial applications such as Exchange Server and IIS with the isolation of their own domain accounts, while eliminating the need for an administrator to manually administer the service principal name (SPN) and credentials for these accounts. Passwords are automatically created for the MSA when the account is created, and refreshed every 30 days. You can change a password manually. The default behavior is that the password for the managed service account is automatically updated.What you need to remember from that definition is: Managed Service Accounts are managed by Active Directory and provide automatic password updates.
  2. SharePoint 2010/2013 Managed Accounts
    A Managed Account is an Active Directory user account whose credentials are managed by and contained within SharePoint.  In addition to storing the credentials of the object, Microsoft SharePoint Server 2010/2013 can also leverage Active Directory Domain Policies to  automatically reset passwords while meeting the requirements established by policy.What you need to remember from that definition is: Managed Accounts are managed by SharePoint (2010/2013) and provide automatic password updates.
Some interesting extra information: Active Directory Managed Service Accounts require the AD Schema to be on level Windows 2008 R2.
So, what can we use? Easy!
Active Directory Managed Service Accounts are NOT supported for SharePoint.
SharePoint Managed Accounts are used (if you like it or not) in SharePoint 2010 and 2013.
More information:
Great post about AD Managed Service Accounts:
http://blogs.technet.com/b/askds/archive/2009/09/10/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting.aspx
Great post about SharePoint Managed Accounts:
http://blogs.technet.com/b/wbaer/archive/2010/04/11/managed-accounts.aspx

Reference:

http://www.sharepointom.be/blog/?p=37

No comments:

Post a Comment