Managed Service account with rotating password

Islam, Mo

August 15, 2024 19:18

Currently we have multiple "Directory" profiles under "Integrations" this due to having multiple hostpools with specific OUs. Because of this, we have multiple profiles and it's growing. But they all use the same AD service account, which is managed, with a rotating password every 5 days. So, every 5 days I am having to go to each item, now almost 30 and manually change the password.

The request is to either have one place to change the password and each item can choose the service account to use, similar to having a "secure variable" Or have an option like API command that I can script to change all the passwords using one shot.

Comments (2 comments)

Jason Lucas

February 13, 2025 21:21

We have a similar situation with a service account that expires every 6 months. Currently we have 37 directory profiles and expect to have 100+ after migrations are all complete. It would be nice to have a dropdown in the directory profile to select a credential - similar to how you can select a single saved credential with scripted actions. Then we could just update the one credential that all directory profiles are using.

Christophe Fettouhi

April 14, 2025 08:13

I would like to see a way to implement something like GMSA acocunts into Nerdio hence we need an account to join the VMs to the domain. Sadly GMSA is not possible because it requires the account to be installed the VM to be allowed to use that gmsa account. A password reset script or something would be great. As many directories is a bit of an issue to manage.

Please sign in to leave a comment.