We are trying to setup a policy in ARS to enforce a couple things on new gMSA object types. We have an AD attribute we use to store the owner's ID in and we require that for all accounts. I have it setup in policy to be required but when creating a new gMSA, I do not get the addition screen like I do with groups or users which shows all the extra fields to be filled in. If i try to commit a new change, it errors as it wants that field. I can click "edit properties" on the final screen and put them in and it works. I even tried creating a display specifier and placing the field on the "other properties in the object creation wizard" list but that didn't help either. The field does show on "other properties" so i know my display specifier is working properly.
Anyone run into this?
