Back in Windows Server 2008 R2, when stand-alone Managed Service Accounts (sMSA) were new, they could not be used to execute scheduled tasks. In Windows Server 2012 however, there is a new type of account called the Group Managed Service Account (gMSA). This type of account is supposedly capable of launching scheduled tasks in the task scheduler on clients & member servers inside of a Windows Server 2012 forest/domain functional level.
So far, I have:
- Established a Windows Server 2012 forest/domain
- Created a Group Managed Service Account (gMSA)
- Installed the gMSA on a Windows Server 2012 member server
And currently I'm having trouble with:
- Setting a scheduled task to use the gMSA
When I attempt to use a gMSA on a scheduled task, I get the error message that says "The object cannot be found" (paraphrased) message.
My question is: How do I configure a Scheduled Task to execute using a Group Managed Service Account (gMSA)?
The answer has been blogged here: http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx
Blog now archived here: https://web.archive.org/web/20130627015803/http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx
The short version is to use the Register-ScheduledTask PowerShell cmdlet combined with
New-ScheduledTaskPrincipal -LogonType Password -UserID YourDomain\YourgMSA$
.I like @JasonStangroome answer but I would like to complete it a bit.
Complete command for a task that will run 14.00 on weekdays only and a description of the task in Task Scheduler.
Note that this task from now on needs to be edited via Powershell, GUI can not be used. Also remember that the user needs access to the application it will be running. Service accounts are normally not searched for in Windows, this needs too be added specifically like this:
In-case someone has this for Server 2016/2019, I had to do the following to set via the Task Scheduler GUI:
Change User or Group...
dialog, changeFrom this location
toEntire Directory
Object Types
to justService Accounts
(this option will only appear if on a domain location)Advanced
to find the gMSA account, or type just the name without$
or the domain prefix