Active Roles

gMSA provisioning: edsvaPrincipalsAllowedToRetrieveManagedPassword not returning computer objects in Web-UI

Hi guys,

I'm trying to configure a gMSA provisioning workflow in ARS 6.9 and came across some strange behavior. When you try to specify the computers and groups the gMSA will be used on (edsvaPrincipalsAllowedToRetrieveManagedPassword), the web interface search will only return users/groups but no computers. When you use the MMC to configure that attribute, it will work properly and also show computer objects.

So in this case, if you don't want to use the console, you would always have to specify a group and could not just add one single computer.

Is this a bug in the Web UI or am I missing something here?

Big thanks in advance,
Jochen