[Samba] samba and group managed service accounts (GMSA)

Dr. Hansjörg Maurer hansjoerg.maurer at itsd.de
Fri Feb 12 16:53:20 UTC 2021


we have been successfully running an "azure ad connect cloud 
provisioning agent" to sync our local samba-4.12.11 AD to azure.

With the recent agent update MS seems to rely on Group Managed Service 
Accounts (GMSA)

Our samba AD has 2012_R2 schema level with GSMA attrinutes and I did a 
samba-tool domain functionalprep to 2012_R2

But when the agent tries to create an GMSA it logs the following error

confirmation step ended with an error: System.NullReferenceException: 
Object reference not set to an instance of an object.at 

Are GMSA's supported by samba4-ad and is ther a way toe create one 
manually (LDIF)?

Thanks a lot



Unser System ist mit einem Mailverschluesselungs-Gateway ausgestattet. Wenn Sie moechten, dass an Sie gerichtete E-Mails verschluesselt werden, senden Sie einfach eine S/MIME-signierte E-Mail oder Ihren PGP Public Key an hansjoerg.maurer at itsd.de.

Our system is equipped with an email encryption gateway. If you want email sent to you to be encrypted please send a S/MIME signed email or your PGP public key to hansjoerg.maurer at itsd.de.

More information about the samba mailing list