Automatic process for service account password rotation

Follow

Michale, Robert

• June 28, 2022 11:21

A service account with domain admin and exchange admin rights is considered a highly privileged account and needs to be properly protected. In the modern environment, such account is managed by a "password manager", that takes care of password rotation and prevents any user to have the correct password at hand (without checking out the password for a reason).

GroupID does not provide ways to rotate the password automatically - besides the ancient manual process using the configuration wizard, which takes time and requires human intervention.

Implementation of the service account password rotation using PowerShell or API call would be the perfect solution and would provide a universal way to integrate the process into any password management tool used.

 

Thank you.

1

• 

  James Bowman

  • May 08, 2023 20:43

  Bump

  0

  Comment actions Permalink
• 

  Jonathan Blackwell

  • May 08, 2023 21:22

  GroupID supports gMSA accounts. This is the Microsoft recommended method of automating password rotation on elevated accounts. Have you tried that option or was there another use case you had in mind?

  0

  Comment actions Permalink
• 

  Michale, Robert

  • May 12, 2023 12:29

  gMSA is not an option in our environment at this point. That is why I'm looking for a programmatic way to rotate the password. API, PS... whatever can be called by a script/software. 

  0

  Comment actions Permalink

Please sign in to leave a comment.