The following are several useful PowerShell commands for group Managed Service Accounts (gMSA).
- To query Active Directory for the list of hosts where a specific gMSA account can be used, run the following:
- Get-ADServiceAccount -Identity ITFarm1 -Properties PrincipalsAllowedToRetrieveManagedPassword
- To add member hosts where the gMSA account can be used, run the following (the parameter replaces the existing list, so include the hosts that already have access):
- Set-ADServiceAccount -Identity ITFarm1 -PrincipalsAllowedToRetrieveManagedPassword Host1$,Host3$
- To install the gMSA account on a host, run the following command on the host machine:
- Install-ADServiceAccount -Identity ITFarm1
- To create a new gMSA account, run the following:
- New-ADServiceAccount ITFarm1 -DNSHostName ITFarm1.contoso.com -PrincipalsAllowedToRetrieveManagedPassword ITFarmHosts$
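
Because Set-ADServiceAccount overwrites PrincipalsAllowedToRetrieveManagedPassword, adding one host safely means reading the current list first and writing back the merged result. The following is an added example, not part of the original post; the function name Add-GmsaAllowedHost and the host name Host2 are hypothetical, and it assumes the ActiveDirectory module is installed.

```powershell
# Added example: append hosts to a gMSA's allowed list without dropping existing entries.
Import-Module ActiveDirectory

function Add-GmsaAllowedHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $Identity,     # gMSA name, e.g. ITFarm1
        [Parameter(Mandatory)] [string[]] $ComputerName  # hosts to add, without the trailing $
    )

    # The current principals are returned as distinguished names; drop empty values.
    $gmsa = Get-ADServiceAccount -Identity $Identity `
                -Properties PrincipalsAllowedToRetrieveManagedPassword
    $current = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword | Where-Object { $_ })

    # Resolve every new host to its DN. An unknown name throws here,
    # before anything is written to the directory.
    $new = @(foreach ($name in $ComputerName) {
        (Get-ADComputer -Identity $name -ErrorAction Stop).DistinguishedName
    })

    # Merge and de-duplicate so hosts that already have access keep it.
    $merged = @($current + $new | Sort-Object -Unique)

    if ($PSCmdlet.ShouldProcess($Identity,
            "Set allowed principals ($($current.Count) -> $($merged.Count))")) {
        Set-ADServiceAccount -Identity $Identity `
            -PrincipalsAllowedToRetrieveManagedPassword $merged
    }

    # Return the resulting list with object classes for review: every entry
    # can retrieve the managed password, so anything other than the expected
    # computers or host group deserves a second look.
    $merged | ForEach-Object { Get-ADObject -Identity $_ } |
        Select-Object Name, ObjectClass, DistinguishedName
}

# Usage (Host2 is a constructed host name); -WhatIf previews without writing:
# Add-GmsaAllowedHost -Identity ITFarm1 -ComputerName Host2 -WhatIf
```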