2.140 Class msDS-GroupManagedServiceAccount

The group managed service account class is used to create an account that can be shared by different computers in order to run Windows services.

 cn: ms-DS-Group-Managed-Service-Account
 ldapDisplayName: msDS-GroupManagedServiceAccount
 governsId: 1.2.840.113556.1.5.282
 objectClassCategory: 1
 rdnAttId: cn
 subClassOf: computer
 systemMustContain: msDS-ManagedPasswordInterval
 systemMayContain: msDS-GroupMSAMembership, msDS-ManagedPasswordPreviousId, 
  msDS-ManagedPasswordId, msDS-ManagedPassword
 systemPossSuperiors: container, organizationalUnit, domainDNS
 schemaIdGuid: 7b8b558a-93a5-4af7-adca-c017e67f1057
 defaultSecurityDescriptor: D:
  (OD;;CR;00299570-246d-11d0-a768-00aa006e0529;;WD)
  (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)
  (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)
  (OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)
  (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)
  (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)
  (OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-
  00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-
  0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-
  00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-
  0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)
  (OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)
  (OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)
  (OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)
  (OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)
  (OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
  (OA;;RP;e362ed86-b728-0842-b27d-2dea7a9df218;;WD)
 defaultHidingValue: FALSE
 systemOnly: FALSE
 defaultObjectCategory: CN=ms-DS-Group-Managed-Service-Account,<SchemaNCDN>
 systemFlags: FLAG_SCHEMA_BASE_OBJECT

Version-Specific Behavior: First implemented on Windows Server 2012 operating system.