How to use Managed Service Accounts in PDQ Deploy?
We would like to use a Managed Service Account as a "Credential" as it simplifies password management for us. Unfortunately, PDQ Deploy fails during the "Initialize PDQ Deploy" Wizard in the "Credentials" step with the error message "User name or password invalid". Is it possible to use Managed Service Accounts with PDQ Deploy and if so, how? Otherwise, are there plans to support Managed Service Accounts in PDQ Deploy?
I'm assuming you mean an actual managed service account, and not just a user you've created in AD to act as the user that the PDQ service uses? As referenced here:
If the above is the case, did you do this on the server running PDQ Deploy?:
To install a managed service account on a local computer
Click Start, click All Programs, click Windows PowerShell 2.0, and then click the Windows PowerShell icon.
Run the following command: Install-ADServiceAccount [-Identity] <ADServiceAccount> [-Confirm] [-WhatIf] [-Credential <PSCredential>].
I know how to use Managed Service Accounts (MSAs) and executed the commands that you mentioned. In a private support request to Admin Arsenal I found out that PDQ Deploy does not support MSAs. So consider this question to be answered.
Is it true that PDQ does not support MSAs? Will it be supported in the future roadmaps?
We have increasing need for this with many security audits not allowing "domain admin" rights on service accounts.
If this can be setup that would help huge in security posture
We would also like this feature.
Please sign in to leave a comment.