Service accounts
Management of service accounts and passwords can be a challenge. Since these accounts are highly privileged and have unique settings in Active Directory, unmanaged accounts can be a security threat to any organization. Some of these issues are documented at http://blogs.technet.com/b/askpfeplat/archive/2012/07/16/too-many-admins-in-your-domain-expose-the-problem-s-and-find-a-solution-don-t-forget-powershell.aspx. To address some of these issues and to better control these types of highly privileged and special accounts in Active Directory, Microsoft has introduced a concept called Managed Service Accounts (MSA) in Windows Server 2008. Sometimes it is referred to as standalone MSA. Due to some limitations, this concept wasn't highly adopted in large enterprise environments. With Windows Server 2012, Microsoft introduced an enhancement to MSA called Group Managed Service Accounts (gMSA). gMSA can provide the same functionality as MSA for multiple or groups of servers...
