Skip to content

Update manage-group-managed-service-accounts.md #8107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
WAftring wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Update manage-group-managed-service-accounts.md #8107

WAftring wants to merge 2 commits into from
+2 −0

Conversation

@WAftring
Copy link
Contributor

@WAftring WAftring commented Dec 9, 2025

No description provided.

@WAftring WAftring requested a review from a team as a code owner December 9, 2025 21:32
@WAftring WAftring requested review from robinharwood and removed request for a team December 9, 2025 21:32
@learn-build-service-prod
Copy link
Contributor

learn-build-service-prod bot commented Dec 9, 2025

Learn Build status updates of commit ac4202f:

✅ Validation status: passed

File Status Preview URL Details
WindowsServerDocs/identity/ad-ds/manage/group-managed-service-accounts/group-managed-service-accounts/manage-group-managed-service-accounts.md ✅Succeeded

For more details, please refer to the build report.

@v-dirichards v-dirichards requested a review from Copilot December 9, 2025 21:57
@v-dirichards
Copy link
Contributor

v-dirichards commented Dec 9, 2025

#assign: @robinharwood, @dknappettmsft

@robinharwood @dknappettmsft
Can you review the proposed changes?

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@prmerger-automator prmerger-automator bot added the aq-pr-triaged tracking label for the PR review team label Dec 9, 2025
@prmerger-automator
Copy link
Contributor

prmerger-automator bot commented Dec 9, 2025

@WAftring : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

Copilot AI reviewed Dec 9, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds documentation about Kerberos encryption type requirements for systems using group-managed service accounts (gMSAs).

  • Adds a new requirement bullet point explaining that systems must support required Kerberos encryption types to use gMSAs

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

...ged-service-accounts/group-managed-service-accounts/manage-group-managed-service-accounts.md Outdated

- All systems involved in the authentication process must have synchronized clocks. Kerberos is sensitive to time configuration, and discrepancies can cause authentication failures.

- All systems that are intended to logon as, or be installed with a gMSA must support Kerberos encryption types required by gMSA. Systems that do not meet this requirement cannot log on or install gMSA.
Copy link

Copilot AI Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The phrasing "cannot log on or install gMSA" is unclear. It should be "cannot log on as a gMSA or have a gMSA installed" to maintain parallel structure and clarity with the first part of the sentence.

Suggested change
- All systems that are intended to logon as, or be installed with a gMSA must support Kerberos encryption types required by gMSA. Systems that do not meet this requirement cannot log on or install gMSA.
- All systems that are intended to log on as a gMSA or have a gMSA installed must support the Kerberos encryption types required by gMSA. Systems that do not meet this requirement cannot log on as a gMSA or have a gMSA installed.

Copilot uses AI. Check for mistakes.
@v-dirichards
Update WindowsServerDocs/identity/ad-ds/manage/group-managed-service-…
9a744d6 
…accounts/group-managed-service-accounts/manage-group-managed-service-accounts.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@learn-build-service-prod
Copy link
Contributor

learn-build-service-prod bot commented Dec 9, 2025

Learn Build status updates of commit 9a744d6:

✅ Validation status: passed

File Status Preview URL Details
WindowsServerDocs/identity/ad-ds/manage/group-managed-service-accounts/group-managed-service-accounts/manage-group-managed-service-accounts.md ✅Succeeded

For more details, please refer to the build report.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@robinharwood robinharwood Awaiting requested review from robinharwood robinharwood is a code owner automatically assigned from MicrosoftDocs/windowsserverdocs-admin

@dknappettmsft dknappettmsft Awaiting requested review from dknappettmsft

Assignees

@robinharwood robinharwood

@dknappettmsft dknappettmsft

Labels

ad-ds/subsvc aq-pr-triaged tracking label for the PR review team Change sent to author do-not-merge windows-server/svc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@WAftring @v-dirichards @robinharwood @dknappettmsft