If required, you can use a Group Managed Service Account (gMSA) for DRA services. For more information about using a gMSA, see the Microsoft reference Group Managed Service Accounts Overview. This section explains how to configure DRA for a Group Managed Service Account after previously adding the account to Active Directory.
IMPORTANT:Do not use the gMSA as a service account while installing DRA.
To configure the DRA Primary Administration server for a gMSA:
Add the gMSA as a member of the following groups:
Local Administrators group on the DRA server
AD LDS group in the DRA managed domain
Change the logon account in service Properties for each of the services below to the gMSA:
NetIQ Administration Service
NetIQ DRA Audit Service
NetIQ DRA Cache Service
NetIQ DRA Core Service
NetIQ DRA Host Service
NetIQ DRA Log Archive
NetIQ DRA Replication Service
NetIQ DRA Rest Service
NetIQ DRA Skype Service
Restart all the services.
To configure a DRA secondary administration server for a gMSA:
Install the secondary server.
On the primary server, assign the Configure Servers and Domains role to the Administration Servers and Managed Domains ActiveView for the secondary server’s service account.
On the primary server, add a new secondary server and specify the secondary server service account.
Add the gMSA to the local administrators group on the DRA Secondary Administration server.
On the secondary server, change the logon account of all the DRA services to the gMSA and then re-start the DRA services.