How do I use long names to refer to Group Managed Service Accounts (gMSA)?
Posted by Jason Stangroome on Server Fault
Published on 2013-06-20T01:14:13Z. Indexed on 2013/06/24 22:24 UTC.
windows-server-2012
Commonly, domain user accounts are used as service accounts. With domain user accounts, the username can easily be as long as 64 characters as long as the User Principal Name (UPN) is used to refer to the account, e.g. [email protected]. If you still use the legacy pre-Windows 2000 names (SAM), you have to truncate it to ~20 characters, e.g. mydomain\truncname.
When using the New-ADServiceAccount PowerShell cmdlet to create a new Group Managed Service Account (gMSA), if a name longer than 15 characters is specified, an error is returned. To specify a longer name, the SAM name must be specified separately, e.g.:
New-ADServiceAccount -Name longname -SamAccountName truncname ...
To configure a service to run as the new gMSA, I can use the legacy username format mydomain\truncname$, but using usernames with a maximum of 15 characters in 2013 is a smell.
How do I refer to a gMSA using the UPN-style format instead?
I tried the longname$@domainfqdn approach, but that didn't work. It also seems that the gMSA object in AD doesn't have a userPrincipalName attribute value specified.
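As an added illustration of the naming constraint the question describes (example code, not from the original post): the gMSA is created with a long -Name and a separate short -SamAccountName, then the naming attributes mentioned above are read back. The domain contoso.example, the host names and the group gMSA-WebHosts are assumed placeholders.

```powershell
# Added example: create a gMSA whose -Name exceeds 15 characters by supplying
# a separate, short -SamAccountName, then inspect the naming attributes.
# Assumes the ActiveDirectory module, a KDS root key already in place
# (Add-KdsRootKey), and placeholder names: domain contoso.example and a
# security group 'gMSA-WebHosts' holding the hosts allowed to use the account.
Import-Module ActiveDirectory

$longName  = 'WebFrontendServiceAccount'   # > 15 chars: rejected if used as the SAM name
$shortName = 'WebFrontendSvc'              # <= 15 chars; AD appends the trailing '$'
$dnsHost   = "$longName.contoso.example"   # -DNSHostName is mandatory for a gMSA

# A gMSA's sAMAccountName follows the computer-account rule: 15 characters plus '$'.
if ($shortName.Length -gt 15) {
    throw "SamAccountName '$shortName' is longer than 15 characters"
}

New-ADServiceAccount -Name $longName `
    -SamAccountName $shortName `
    -DNSHostName $dnsHost `
    -PrincipalsAllowedToRetrieveManagedPassword 'gMSA-WebHosts' `
    -Enabled $true

# Read back the attributes the question refers to: sAMAccountName comes back
# with the trailing '$', and userPrincipalName is normally empty on a gMSA,
# which is why the UPN-style logon name is not available out of the box.
$acct = Get-ADServiceAccount -Filter "Name -eq '$longName'" `
    -Properties SamAccountName, UserPrincipalName, DNSHostName, ObjectClass

$acct | Select-Object Name, SamAccountName, UserPrincipalName, DNSHostName, ObjectClass |
    Format-List

# The legacy logon name a service configuration would currently have to use:
"CONTOSO\$($acct.SamAccountName)"
```

Running this in a lab confirms the observation in the question: Name holds the long name, SamAccountName is the truncated name with '$', and UserPrincipalName is blank.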
© Server Fault or respective owner