Windows Server 2012 introduced gMSA which is a secure, automated way to manage service account credentials across multiple Windows systems, leveraging Kerberos for authentication without manual password handling. gSMA enhances security, scalability, and management so it is widely used today in the Windows world.

Although it is a common question from Windows departments whether Ansible/AAP could use gMSA accounts, gMSA is not supported by RHEL or by Ansible natively or even with additional configuration. This means that gMSA accounts cannot be used with Ansible as of today.

This RFE is to discuss and evaluate whether it would be possible and feasible to add support for using gMSA accounts when using Ansible/AAP for Windows automation. This would reduce the friction with Windows departments and allow them using their standard practices with accounts also with automation.

Follow-up RFEs and issues can be created for concrete investigation and implementation efforts if needed.

Thanks.