Skip to content

ADManagedServiceAccount: Add support for setting the SAM account name and (common) name separately #644

New issue
New issue
Closed
#661
#659
Closed
ADManagedServiceAccount: Add support for setting the SAM account name and (common) name separately#644
#661
#659
Labels
enhancementThe issue is an enhancement request.help wantedThe issue is up for grabs for anyone in the community.
@Antiohne

Description

@Antiohne
Antiohne
opened on Jan 20, 2021

Details of the scenario you tried and the problem that is occurring

The ADManagedServiceAccount DSC resource configures Managed Service Accounts via the ServiceAccountName parameter only with the Security Account Manager (SAM) account name and the specified value is also applied to the (common) name of the object. When using the New-ADServiceAccount cmdlet you have to configure the SAM account name with it's 15 character limit but you can also configure the (common) name with a longer more friendly name.

Example:

New-ADServiceAccount -Name "MyMoreFancyServiceLongName01" -SamAccountName "Service01" -DNSHostName "MyMoreFancyServiceLongName01.mydomain.com"

This results in a Managed Service Account with a distinguished name of CN=MyMoreFancyServiceLongName01,CN=Managed Service Accounts,DC=mydomain=DC=com instead of CN=Service01,CN=Managed Service Accounts,DC=mydomain=DC=com which is generated by the current DSC resource. Trying to use the longer name with the DSC task will result in a fault that indicates the length restriction regarding SAM account names.

Verbose logs showing the problem

N/A

Suggested solution to the issue

Please add an option to specify the SAM account name and the name separately in the ADManagedServiceAccount DSC resource.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Configuration ADManagedServiceAccount_CreateManagedServiceAccount_Config
{
    Import-DscResource -Module ActiveDirectoryDsc

    Node localhost
    {
        ADManagedServiceAccount 'ExampleStandaloneMSA'
        {
            Ensure = 'Present'
            ServiceAccountName = 'Service01'
            AccountType = 'Standalone'
        }
    }
}

The operating system the target node is running

Windows Server 2019

Version and build of PowerShell the target node is running

PSVersion: 5.1.17763.1490
PSEdition: Desktop
PSCompatibleVersions: {1.0, 2.0, 3.0, 4.0...}
BuildVersion: 10.0.17763.1490
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1

Version of the DSC module that was used

6.0.1

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementThe issue is an enhancement request.help wantedThe issue is up for grabs for anyone in the community.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions