Problem description
Assuming a very large number of Managed Service Account management, it is not performant to manage their SPNs and TrustedForDelegation setting independently.
There already is a separate resource for Service Principal Names, but it would be very helpful to add the ability to set the SPN attribute for the AD Managed Service Account via the MSFT_ADManagedServiceAccount directly. Also the AD User supports TrustedForDelegation.
Verbose logs
DSC configuration
Suggested solution
ADManagedServiceAccount 'ExampleStandaloneMSA'
{
Ensure = 'Present'
ServiceAccountName = 'Service01'
AccountType = 'Standalone'
**ServicePrincipalNames = @('MSSQLSvc/sqlalias.contoso.com:1433','MSSQLSvc/hostname.contoso.com:1433')
TrustedForDelegation = $true**
}
Operating system the target node is running
PowerShell version and build the target node is running
ActiveDirectoryDsc version
Problem description
Assuming a very large number of Managed Service Account management, it is not performant to manage their SPNs and TrustedForDelegation setting independently.
There already is a separate resource for Service Principal Names, but it would be very helpful to add the ability to set the SPN attribute for the AD Managed Service Account via the MSFT_ADManagedServiceAccount directly. Also the AD User supports TrustedForDelegation.
Verbose logs
DSC configuration
n/aSuggested solution
Operating system the target node is running
PowerShell version and build the target node is running
ActiveDirectoryDsc version