gMSA Support in MIM

The newest version of the MIM 2016 SP1 hotfix adds gMSA support for the product. However, there are a few things you need to be aware of when attempting to switch over.

First, there's not yet an installer which starts from scratch with this feature. You still need a regular user-based service account to do the install. Just one, though - the MIM service. Second, if you're transitioning from the old-style user-based accounts, you'll want to make sure you're careful and move your SPNs on the service account from old to new.

One thing I was able to do for adding a new or second MIM server to my install, was to install only the service - no additional features. Then, the new patch was installed and I could add not only gMSAs but also all the other features for the portal and PAM as well.

I've been running gMSAs for a month now and it all seems to be working great. Next, we hope to see a full installer which can take advantage of gMSAs from the beginning, and also full product support for them across the board - in SharePoint and also MIM CM, which are not there yet.