Friday, March 26, 2021

Group Managed Service Accounts (gMSA) - PowerShell Commands

The following are several useful group Managed Service Account (gMSA) PowerShell commands.

  • To query Active Directory for the list of hosts where a specific gMSA account can be used, run the following:
    • Get-ADServiceAccount -Identity ITFarm1 -Properties PrincipalsAllowedToRetrieveManagedPassword
  • To add member hosts where the gMSA account can be used, run the following:
    • Set-ADServiceAccount -Identity ITFarm1 -PrincipalsAllowedToRetrieveManagedPassword Host1$,Host3$
  • To install a gMSA account on a host, run the following command on the host machine:
    • Install-ADServiceAccount -Identity ITFarm1
  • To create a new gMSA account, run the following:
    • New-ADServiceAccount ITFarm1 -DNSHostName ITFarm1.contoso.com -PrincipalsAllowedToRetrieveManagedPassword ITFarmHosts$
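
Set-ADServiceAccount -PrincipalsAllowedToRetrieveManagedPassword writes the whole list rather than appending to it, so a host left out of the command loses the right to retrieve the password. The following is an added example, not part of the original post: a helper (the name Add-GmsaAllowedHost is hypothetical) that reads the current principals, merges in the new hosts and writes the combined list back. It assumes the ActiveDirectory module is available and that the caller may modify the gMSA.

```powershell
# Added example. Add-GmsaAllowedHost is a hypothetical helper name, not a built-in cmdlet.
Import-Module ActiveDirectory

function Add-GmsaAllowedHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $Identity,     # gMSA name, e.g. ITFarm1
        [Parameter(Mandatory)] [string[]] $ComputerName  # hosts to add, e.g. Host3
    )

    # Read the principals currently allowed to retrieve the managed password.
    # The property is returned as a collection of distinguished names.
    $gmsa = Get-ADServiceAccount -Identity $Identity `
        -Properties PrincipalsAllowedToRetrieveManagedPassword
    $current = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword)

    # Resolve every new host first, so a typo stops the change before anything is written.
    $new = foreach ($name in $ComputerName) {
        (Get-ADComputer -Identity $name.TrimEnd('$') -ErrorAction Stop).DistinguishedName
    }

    # Merge old and new, dropping empty entries and duplicates.
    $merged = @($current + $new | Where-Object { $_ } | Sort-Object -Unique)

    # Show what is about to be written; run with -WhatIf to preview only.
    $summary = "allowed principals: $($merged -join '; ')"
    if ($PSCmdlet.ShouldProcess($Identity, "Set $summary")) {
        Set-ADServiceAccount -Identity $Identity `
            -PrincipalsAllowedToRetrieveManagedPassword $merged
    }

    # Return the list as stored in the directory after the change, for review.
    (Get-ADServiceAccount -Identity $Identity `
        -Properties PrincipalsAllowedToRetrieveManagedPassword
    ).PrincipalsAllowedToRetrieveManagedPassword
}

# Usage with the names from this post:
# Add-GmsaAllowedHost -Identity ITFarm1 -ComputerName Host3 -WhatIf
```

Reviewing the returned list after each change is also a quick audit of which hosts can obtain the account's password.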
