
Commit c69064b

AB#180930 Update recover-from-golden-gmsa-attack.md
1 parent 8f5fafa commit c69064b

1 file changed

Lines changed: 2 additions & 1 deletion


support/windows-server/windows-security/recover-from-golden-gmsa-attack.md

@@ -1,7 +1,7 @@
11
---
22
title: How to recover from a Golden gMSA attack
33
description: Describes how to repair compromised gMSAs after a Golden gMSA attack.
4-
ms.date: 08/25/2023
4+
ms.date: 09/06/2023
55
manager: dcscontentpm
66
audience: itpro
77
ms.topic: troubleshooting
@@ -88,6 +88,7 @@ The approach is to create a new KDS Root Key object that's unknown to the attack
8888
> - You don't have to manually repair gMSAs that were created after the Active Directory Domain Services (AD DS) database exposure ended. The attacker doesn't know the details of these accounts, and the passwords for these accounts will regenerate based on the new KDS Root Key object.
8989
> - You should consider the gMSA object in "maintenance mode" until the procedure is completed, and ignore possible errors that are reported with the accounts in the System, Security, Directory Services, and Security-Netlogon event log.
9090
> - The guide assumes that the gMSAs are child objects of the **Managed Service Accounts** container. If you have moved the accounts to custom parent containers, you need to run the steps related to the **Managed Service Accounts** container on the gMSA in these containers.
91+
> - An authoritative restore rolls back all attributes to the time of backup, including the accounts that are allowed to retrieve the gMSA credentials (`PrincipalsAllowedToRetrieveManagedPassword`).
9192
9293
In the domain holding the gMSAs that you want to repair, follow these steps:
9394
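Review bot: The bullet added at new line 91 says what an authoritative restore does to `PrincipalsAllowedToRetrieveManagedPassword` but gives the reader no action to take. Because the attribute returns to its value at backup time, principals granted retrieval since the backup lose it, and principals removed since the backup regain it. Suggest ending the bullet with an instruction, for example to record the current value before the restore and to review and reapply it afterward. The other bullets in this note each tell the reader what they do or don't have to do, so an action here would also match their style.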
