Using Group Managed Service Accounts for the SQL Server Agent

You can create Group Managed Service Accounts (gMSAs) and configure the SQL Server Agent to use a gMSA for backup and restore operations.

gMSAs are supported only on SQL Server 2014 or later versions.

If you are using different gMSAs for different instances on the same client, then use standard impersonation.

Before You Begin

To use the gMSA account for SQL Server, complete the following requirements:

  • Verify that at least one computer in the domain runs the Windows Server 2012 or 2012 R2 operating system.

  • Verify that you have a Key Distribution Service (KDS) root key. To verify, in the Windows PowerShell Active Directory module, complete the following steps:

    • Run the command to test if the key already exists:

      Test-KdsRootKey -KeyId (Get-KdsRootKey).KeyId

    • If the key does not exist, run the command to create a new key:

      Add-KdsRootKey -EffectiveImmediately

      It could take up to 10 hours to activate the KDS key.

  • If a gMSA is used on a Windows Server 2012 R2 computer, install the Microsoft update specified in article KB 2998082.

  • Verify that .NET Framework 3.5x or higher is installed on the computer where the gMSA is being configured.

  • Install the Active Directory PowerShell module on the computer where the gMSA is being configured. To install, run the following command:

    Install-WindowsFeature -Name RSAT-AD-POWERSHELL

  • Create a gMSA user account and configure the SQL instance to use the gMSA as the service account. For more information, go to Group Managed Service Accounts (gMSA) and SQL Server 2016 on the Microsoft documentation website.

Procedure

  1. Verify that the gMSA account meets the requirements as specified in User Account Configuration for the SQL Server Agent.

    • The gMSA account must have the sysadmin role on the SQL instance.

    • The gMSA account must be a local administrator on the client machine.

  2. Run the Commvault CVD service under the gMSA account.

  3. To use the gMSA account for the SQL Server instance, select Use Local System Account.

    For more information, see Configuring User Accounts for the SQL Server Agent.
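
The Windows-side requirements above can be checked read-only before the service logon is changed. The script below is an added example, not part of the original documentation: the gMSA name and the CVD service name are placeholders, and measuring the 10-hour activation window from the key's EffectiveTime is an assumption. It also lists which principals can retrieve the gMSA password, because the account holds local administrator and sysadmin rights; the sysadmin role itself is not checked.

```powershell
# Added example: read-only preflight for the gMSA requirements on this page.
# $GmsaName and $ServiceName are placeholders (assumptions); replace them with your own values.
param(
    [string]$GmsaName    = 'svc-sqlbackup',       # hypothetical gMSA name, without the trailing $
    [string]$ServiceName = '<CVD-service-name>'   # placeholder: Windows service name of the Commvault CVD service
)
$results = [ordered]@{}

# Prerequisite: the Active Directory PowerShell module feature is installed on this computer.
$results['RSAT-AD-PowerShell installed'] = (Get-WindowsFeature -Name RSAT-AD-PowerShell).Installed
Import-Module ActiveDirectory -ErrorAction Stop

# Prerequisite: a KDS root key exists, validates, and is past the activation window.
# Assumption: the "up to 10 hours" from the page is counted from the key's EffectiveTime.
$keys = @(Get-KdsRootKey)
$results['KDS root key exists'] = $keys.Count -gt 0
$results['KDS root key valid and active'] = [bool]($keys | Where-Object {
    (Test-KdsRootKey -KeyId $_.KeyId) -and ($_.EffectiveTime.AddHours(10) -le (Get-Date))
})

# This host is allowed to retrieve the managed password and can use the account.
$results['gMSA usable on this host'] = Test-ADServiceAccount -Identity $GmsaName

# Principals allowed to retrieve the managed password; expect only the SQL client hosts here.
$acct = Get-ADServiceAccount -Identity $GmsaName -Properties PrincipalsAllowedToRetrieveManagedPassword
$allowed = $acct.PrincipalsAllowedToRetrieveManagedPassword

# Procedure step 1: the gMSA is a local administrator (direct membership only;
# membership through a nested domain group is not resolved by this check).
$adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.SID.Value })
$results['gMSA in local Administrators'] = $adminSids -contains $acct.SID.Value

# Procedure step 2: the CVD service logon account is the gMSA (expected form DOMAIN\name$).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
$results['CVD service runs as gMSA'] = [bool]($svc -and $svc.StartName -like "*\$GmsaName`$")

$results.GetEnumerator() | ForEach-Object { '{0,-32} {1}' -f $_.Key, $_.Value }
'Principals allowed to retrieve the gMSA password:'
$allowed
```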
