Blog Post

Setup Kerberos Constrained Delegation for Group Managed Service Accounts

,

Kerberos delegation is not a new concept in Active Directory; however, setting it up for Group Managed Service Accounts (gMSA) can be a bit confusing. Unlike normal domain accounts, gMSAs do not have a GUI for configuring delegation. Those configuraitons will need to be handled through PowerShell. A common use for Kerberos delegation is to solve the authentication double hop. For example, a user accesses a report which is configured to use a remote data source. That’s one hop from the user’s workstation to the webserver and then a second hop from the webserver to the data source. Our environment...

Original post (opens in new tab)
View comments in original post (opens in new tab)

Rate

Share

Share

Rate