Group Managed Service Account (gMSA) lost ability to fetch password from domain service
We have an environment which heavily utilises gMSA, and any changes are strictly reviewed prior to implementing.
There is one gMSA which suddenly lost the ability to retrieve/fetch its password from the Domain Service. Based on the event logs, we suspect the password was initially renewed by the domain service, and we couldn't determine the root cause of the issue on why it failed to retrieve the password from the domain services.
The issue was resolved by re-adding the account name to allow the password retrieval from the domain controller. The PowerShell command below was used:
Set-ADServiceAccount accountname -PrincipalsAllowedToRetrieveManagedPassword hostname
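
An added example, not part of the original post: the same fix written so that it keeps the principals already on the account, because -PrincipalsAllowedToRetrieveManagedPassword sets the complete list rather than appending to it. The function name Add-GmsaRetrievalPrincipal is hypothetical, and accountname and hostname are the post's placeholders.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights to modify the gMSA.
Import-Module ActiveDirectory

function Add-GmsaRetrievalPrincipal {
    param(
        [Parameter(Mandatory)] [string] $GmsaName,      # e.g. the post's 'accountname'
        [Parameter(Mandatory)] [string] $ComputerName   # e.g. the post's 'hostname'
    )

    # Read the principals currently allowed to retrieve the managed password.
    # The property is returned as a collection of distinguished names (may be empty).
    $gmsa = Get-ADServiceAccount -Identity $GmsaName `
        -Properties PrincipalsAllowedToRetrieveManagedPassword
    $before = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword | Where-Object { $_ })

    # Resolve the host to its distinguished name so the comparison is like for like.
    $computer = Get-ADComputer -Identity $ComputerName
    $dn = $computer.DistinguishedName

    if ($before -contains $dn) {
        # Already present: the retrieval failure has another cause, change nothing.
        $after = $before
    }
    else {
        # Pass the existing entries plus the new one; passing only the new host
        # would remove every other principal from the list.
        $after = $before + $dn
        Set-ADServiceAccount -Identity $GmsaName `
            -PrincipalsAllowedToRetrieveManagedPassword $after
    }

    # Return the before/after state so it can be kept with the change record
    # and compared the next time retrieval stops working.
    [pscustomobject]@{
        Gmsa    = $GmsaName
        Host    = $ComputerName
        Changed = -not ($before -contains $dn)
        Before  = $before
        After   = $after
    }
}

Add-GmsaRetrievalPrincipal -GmsaName 'accountname' -ComputerName 'hostname'

# Then, on the member host itself, confirm it can use the account (returns True/False):
# Test-ADServiceAccount -Identity 'accountname'
```

If the Before list already contained the host, the attribute was not what broke, and the stored output is the evidence to carry into the root-cause review.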