SQL Server FCI – Implementing gMSA Account

Tags: active-directory, sql server, sql server 2014, sql-server-2012, sql-server-2016

I have a question on implementing a gMSA account for managing authentication to SQL Server.

Our goal is to use a gMSA account to manage the automatic password change activities for the SQL Server service and its Agent service.

A few questions:

  1. Does implementing gMSA work for a 2-node SQL FCI and 3- or 4-node Always On AGs?

  2. Since I just want to run SQL Server with that gMSA account, are there any special permissions that need to be granted at the server or database level while running both the SQL and Agent services?

Our AD team handles all the background work related to the creation of those accounts. Once ready, we are just handed the account (e.g. abc$) to use for running SQL services without needing to enter any password.

Please advise of any catch in implementing gMSA here.

Best Answer

> Does implementing gMSA work for a 2-node SQL FCI and 3- or 4-node Always On AGs?

Yes it does work.

> Since I just want to run SQL Server with that gMSA account, are there any special permissions that need to be granted at the server or database level while running both the SQL and Agent services?

Nope, the installer will take care of that.

> Please advise of any catch in implementing gMSA here.

If certain Windows services don't start before SQL Server, then authentication can't take place and SQL Server will fail to start up. This doesn't happen very often, and generally when it does there is some other issue with the server that is causing this symptom and behavior.
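
A per-node pre-flight check for the setup discussed above, added here as an example and not part of the original question or answer: it confirms that every cluster node can retrieve the gMSA password and shows what each SQL service runs as and depends on. The node names, the default-instance service names, and the presence of the ActiveDirectory RSAT module on each node are assumptions; `abc` is the account name from the question without its trailing `$`.

```powershell
# Added example (not from the original post). Run from an admin workstation with
# PowerShell remoting enabled to the cluster nodes.
$Nodes    = 'SQLNODE1', 'SQLNODE2'            # hypothetical FCI/AG node names
$GmsaName = 'abc'                             # gMSA from the question, without the trailing $
$Services = 'MSSQLSERVER', 'SQLSERVERAGENT'   # assumed default instance; named instances
                                              # use MSSQL$<name> and SQLAgent$<name>

$report = Invoke-Command -ComputerName $Nodes -ArgumentList $GmsaName, $Services -ScriptBlock {
    param($GmsaName, $Services)
    Import-Module ActiveDirectory -ErrorAction Stop

    # True only when this node is permitted to retrieve the managed password from AD.
    # Every node that can host the instance must pass, or failover to it will not start SQL.
    $canRetrieve = Test-ADServiceAccount -Identity $GmsaName -WarningAction SilentlyContinue

    foreach ($name in $Services) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) { continue }           # service not installed on this node

        [pscustomobject]@{
            Node           = $env:COMPUTERNAME
            Service        = $name
            RunsAs         = $svc.StartName
            # Compare only the account part of DOMAIN\abc$ (case-insensitive).
            UsesGmsa       = (($svc.StartName -split '\\')[-1] -eq "$GmsaName`$")
            NodeCanUseGmsa = [bool]$canRetrieve
            StartMode      = $svc.StartMode   # Manual/Stopped is normal on a passive FCI node
            State          = $svc.State
            # Services that Windows starts before this one; review against the
            # startup-ordering catch described in the answer.
            DependsOn      = (Get-Service -Name $name).ServicesDependedOn.Name -join ', '
        }
    }
}

$report | Sort-Object Node, Service |
    Format-Table Node, Service, RunsAs, UsesGmsa, NodeCanUseGmsa, StartMode, State, DependsOn -AutoSize

# Flag any node/service pair that is not ready to run under the gMSA.
$notReady = $report | Where-Object { -not $_.UsesGmsa -or -not $_.NodeCanUseGmsa }
foreach ($row in $notReady) {
    Write-Warning ("{0}/{1}: runs as '{2}', node can retrieve gMSA password: {3}" -f `
        $row.Node, $row.Service, $row.RunsAs, $row.NodeCanUseGmsa)
}
```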