Group Managed Service Accounts (gMSA’s) can be used to run Windows services over multiple servers within the Windows domain.

Since the launch of Windows Server 2012 R2, gMSA has been the recommended service account option for AD FS. As abusing AD FS is one of my favourite hobbies, I wanted to learn how gMSAs work.