All:

Is there any benefit or security enhancement to using an MSA for the AD LDS instance(s) over the Network Service or a dedicated resource account?

1. Network Service presents the machine's cred, which changes every ~month. Configurable. Minimal privileges on the system as opposed to .\localservice.
2. MSA creds change regularly. Configurable.
3. Resource account can change but requires manual intervention. Account can be disabled if needed.

I have not delved into the world of MSAs for the fact that you need a different one for each system, which becomes a large chore in my environment. As opposed to gMSAs, but even those require the application to be compatible with them. Some Microsoft services are not compatible yet – however, AD LDS is compatible with MSAs. So I am asking if there is any benefit to using an MSA as opposed to Network Service.

Brian Britt