Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, July 15, 2020 9:35 AM
Hi,
We are trying to perform Exchange operations using GMSA account and operation is failing.
Is it possible to Perform exchange operations using GMSA account in Exchange server 2016 or any other server versions.
(Process w3wp.exe, PID 11568) "RBAC authorization returns Access Denied for user <Domain>\gMSA-ARAdminSvc$ (SID=S-1-5-21-423581580-3172201257-1489594567-2902). Reason: User was not found on Domain Controller WS19AD.xyz.lab."
any ideas on the proper gMSA Exchange permissions required or its not possible to perform exchange operations using GMSA account?
Even below cmdlet fails
Set-user "GMSAaccount" -REmotePowershellEnabled $true
Thanks, Harish
All replies (3)
Sunday, July 19, 2020 6:16 PM
Hi
Did you add that account to a role group or did you create a custom one? in other words, does the GMSA account mentioned have access to recipient configuration or help desk etc? what do you want the account to be able to perform? Look at all the built in groups that comes with Exchange, if none of them work for you then you can create a new one.
Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Monday, July 20, 2020 5:44 AM
Hi Harish,
Group Managed Service Accounts (gMSA) are not supported in on-premises Exchange Server environments and thus cannot be used to perform Exchange things.
Reference link: Configure Kerberos authentication for load-balanced Client Access services
This Exchange Server 2016 – Administration Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post** for more details.**
Regards,
Eric Yin
Exchange Server 2016 – Administration forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.
For more information, please refer to the sticky post.
Friday, July 24, 2020 8:16 AM
Hi, I'm here to confirm with you if your issue has been resolved. If the problem is successfully solved, you can share your solution and mark them or the helpful reply as answer, this will make answer searching in the forum easier and be beneficial to other community members as well.
This Exchange Server 2016 - Mail Flow and Secure Messaging Forum will be migrating to a new home onMicrosoft Q&A, please refer to this sticky post** for more details.**
Regards,
Eric Yin
Exchange Server 2016 - Mail Flow and Secure Messaging Forum forum will be migrating to a new home on Microsoft Q&A! We invite you to post new questions in the new forum.
For more information, please refer to the sticky post.