Execute docker container as Windows Server with Specified user's Windows Authentication on Jenkinspipeline

I have a .Net Console App using .Net Framework 4.7.2. We are migrating CI/CD build and deployment of this application from TeamCity to Jenkins Pipeline using jenkinsfile. I am using a windows docker image (vsbuildtools2019-16.4-managed-desktop:3.5-4.8-dotnet-framework-10.0.14393.2485) to build my application. When it comes to deployment we are using company’s internal package builder (.exe - a software which packages the application and deploys to servers).

Its limitation is that it can only be run via specific user accounts which have access to drop the final package to the deployment network shares and some further processing happens after that.

The issue I am facing is that by default the user profile which the container uses is “C:/Users/ContainerAdministrator” or when I try to find the username it gives me the <Servername$> as the name of the user. I want to run the container using a Service Account which has access to those network share. How can I achieve that ?

Below is how I am using jenkinsfile to spawn the container on the Jenkins Build agent :-

agent {
  docker {
    image <docker-image>
    label 'docker-win'
    reuseNode true
}

I have already tried specifying args '-u <username>' within agent docker section but it gives me the below error when I run the pipeline -

java.io.IOException: Failed to run image 'docker-win-vsbuildTools-2019'. Error: docker: Error response from daemon: <container-name> encountered an error during CreateProcess: failure in a Windows system call: The user name or password is incorrect.

Does any one have any thoughts on this please ? This is a blocker for me.

If I understand correctly, I think you need to use group Managed Service Account (gMSA):

Thanks for your reply. Do you have any sample code in git for reference purpose? I went through the above but couldn’t fit it with my use case in my organisation where the service accounts are already made and when trying to test those with the command Test-AdServiceAccount , it doesn’t seem to work.

As i understand, windows containers doesn’t support local users, just gMSA, which require existing AD :frowning:

My mistake:
local user must have no password to execute commands by docker.