8

Back in Windows Server 2008 R2, when stand-alone Managed Service Accounts (sMSA) were new, they could not be used to execute scheduled tasks. In Windows Server 2012, however, there is a new type of account called the Group Managed Service Account (gMSA). This type of account is supposedly capable of launching scheduled tasks in the Task Scheduler on clients and member servers inside a Windows Server 2012 forest/domain functional level.

So far, I have:

  • Established a Windows Server 2012 forest/domain
  • Created a Group Managed Service Account (gMSA)
  • Installed the gMSA on a Windows Server 2012 member server

And currently I'm having trouble with:

  • Setting a scheduled task to use the gMSA

When I attempt to use a gMSA on a scheduled task, I get an error message that says "The object cannot be found" (paraphrased).

My question is: How do I configure a Scheduled Task to execute using a Group Managed Service Account (gMSA)?

Trevor Sullivan

3 Answers

8

The answer has been blogged here: http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx

Blog now archived here: https://web.archive.org/web/20130627015803/http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx

The short version is to use the Register-ScheduledTask PowerShell cmdlet combined with New-ScheduledTaskPrincipal -LogonType Password -UserID YourDomain\YourgMSA$.

Jason Stangroome
4

I like @JasonStangroome answer but I would like to complete it a bit.

Complete command for a task that will run at 14.00 on weekdays only, with a description of the task in Task Scheduler:

# Program the task starts
$action = New-ScheduledTaskAction -Execute "C:\Applications\Service\Service.exe"
# Weekdays at 14:00
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday, Tuesday, Wednesday, Thursday, Friday -At 14:00
# gMSA principal: keep the trailing $ and quote it so it is passed literally
$principal = New-ScheduledTaskPrincipal -UserID 'domain\user$' -LogonType Password
Register-ScheduledTask -TaskName Service -Description "Do service stuff" -Action $action -Trigger $trigger -Principal $principal

Note that this task from now on needs to be edited via PowerShell; the GUI cannot be used. Also remember that the user needs access to the application it will be running. Service accounts are normally not searched for in Windows; this needs to be added specifically like this:


Ogglas
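
The steps from the question and the two answers above as one script, with a pre-flight check that this host can actually use the gMSA and a read-back of the registered principal (an added example, not code from the original posts). CONTOSO, svc-task and the task name are placeholders, and it assumes the ActiveDirectory RSAT module is installed on the member server.

```powershell
#Requires -Modules ActiveDirectory, ScheduledTasks
# Added example. All names below are placeholders, not values from the thread.
$domain   = 'CONTOSO'     # placeholder NetBIOS domain name
$gmsaName = 'svc-task'    # placeholder gMSA name, without the trailing $
$taskName = 'Service'
$exePath  = 'C:\Applications\Service\Service.exe'

# 1. Pre-flight: can this computer retrieve the gMSA's managed password?
#    Test-ADServiceAccount returns $false when the host is not listed in the
#    account's PrincipalsAllowedToRetrieveManagedPassword (or has not yet
#    picked up the group membership that grants it).
if (-not (Test-ADServiceAccount -Identity $gmsaName)) {
    throw "gMSA '$gmsaName' is not usable on $env:COMPUTERNAME. " +
          "Check PrincipalsAllowedToRetrieveManagedPassword and run Install-ADServiceAccount."
}

# 2. Build the task. LogonType Password tells Task Scheduler to obtain the
#    managed password itself; no password is ever supplied by the operator.
#    The backtick keeps the trailing $ literal inside the double-quoted string.
$action    = New-ScheduledTaskAction -Execute $exePath
$trigger   = New-ScheduledTaskTrigger -Weekly `
                 -DaysOfWeek Monday, Tuesday, Wednesday, Thursday, Friday -At '14:00'
$principal = New-ScheduledTaskPrincipal -UserId "$domain\$gmsaName`$" `
                 -LogonType Password -RunLevel Limited   # least privilege: not elevated

Register-ScheduledTask -TaskName $taskName -Description 'Do service stuff' `
    -Action $action -Trigger $trigger -Principal $principal | Out-Null

# 3. Read back what was stored, so a mistyped account or logon type is caught
#    now rather than when the trigger fires.
$registered = Get-ScheduledTask -TaskName $taskName
$registered.Principal | Select-Object UserId, LogonType, RunLevel

if ($registered.Principal.LogonType -ne 'Password') {
    Write-Warning "Task '$taskName' is not registered with LogonType Password."
}

# The gMSA also needs the "Log on as a batch job" user right on this host and
# NTFS read/execute access to $exePath before the task can start.
```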
1

In case someone has this for Server 2016/2019, I had to do the following to set via the Task Scheduler GUI:

  1. In the Change User or Group... dialog, change From this location to Entire Directory
  2. Set Object Types to just Service Accounts (this option will only appear if on a domain location)
  3. Use Advanced to find the gMSA account, or type just the name without $ or the domain prefix


Jake Edwards