Friday, February 10, 2017

PowerShell Module for Reading Group Managed Service Account Passwords

I recently covered the topic of Active Directory Group Managed Service Accounts. They are the new hotness from Microsoft. I also offered up some code snippets for interacting with them.

Now I offer up a PowerShell module that also exposes .NET classes and methods for reading gMSA passwords.

This module has a couple of great uses. First of all, not all services and applications can leverage a gMSA natively. The DLL lets you try to fit a gMSA into your system. Second, the module makes its calls directly to Active Directory via LDAP rather than via the Active Directory Web Service (ADWS). In some cases, you may not have the firewall rules set up to allow access to ADWS, but all clients will have access to AD over TCP 389, as it is required.
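
Any reader that fetches a gMSA password over LDAP gets it back as the `msDS-ManagedPassword` attribute, a binary MSDS-MANAGEDPASSWORD_BLOB whose layout is documented in MS-ADTS. The following is an added example of decoding that structure, not code from the module described in this post; the function name and the 48-byte sample blob are constructed for illustration.

```powershell
# Added example: decode an MSDS-MANAGEDPASSWORD_BLOB (layout per MS-ADTS).
# ConvertFrom-ManagedPasswordBlob is a hypothetical name, not the module's API.
function ConvertFrom-ManagedPasswordBlob {
    param([Parameter(Mandatory)][byte[]]$Blob)

    if ($Blob.Length -lt 16) { throw 'Blob is shorter than the 16-byte header.' }
    $version = [int][BitConverter]::ToUInt16($Blob, 0)
    $length  = [long][BitConverter]::ToUInt32($Blob, 4)
    if ($version -ne 1) { throw "Unexpected blob version $version." }
    if ($length -ne $Blob.Length) { throw 'Length field does not match the data.' }

    # Offsets are 16-bit and relative to the start of the blob.
    $curOff   = [int][BitConverter]::ToUInt16($Blob, 8)
    $prevOff  = [int][BitConverter]::ToUInt16($Blob, 10)   # 0 = no previous password
    $queryOff = [int][BitConverter]::ToUInt16($Blob, 12)
    $unchOff  = [int][BitConverter]::ToUInt16($Blob, 14)
    if ($curOff -lt 16 -or $curOff -ge $queryOff) { throw 'Bad password offset.' }
    foreach ($o in $queryOff, $unchOff) {
        if ($o + 8 -gt $Blob.Length) { throw "Interval offset $o is out of range." }
    }

    # The password is a null-terminated run of 16-bit units; stop at the
    # terminator or at the next field, whichever comes first.
    $limit = if ($prevOff -gt $curOff -and $prevOff -lt $queryOff) { $prevOff } else { $queryOff }
    $end = $curOff
    while ($end + 1 -lt $limit -and ($Blob[$end] -ne 0 -or $Blob[$end + 1] -ne 0)) { $end += 2 }
    $password = New-Object byte[] ($end - $curOff)
    [Array]::Copy($Blob, $curOff, $password, 0, $password.Length)

    [pscustomobject]@{
        CurrentPassword           = $password   # raw bytes, not printable text
        HasPreviousPassword       = ($prevOff -ne 0)
        QueryPasswordInterval     = [TimeSpan]::FromTicks([BitConverter]::ToInt64($Blob, $queryOff))
        UnchangedPasswordInterval = [TimeSpan]::FromTicks([BitConverter]::ToInt64($Blob, $unchOff))
    }
}

# Constructed sample: 16-byte header, 8-byte password (a real one is 256 bytes),
# terminator and padding, then two 64-bit intervals in 100 ns units.
$sample = New-Object byte[] 48
[BitConverter]::GetBytes([uint16]1).CopyTo($sample, 0)     # Version
[BitConverter]::GetBytes([uint32]48).CopyTo($sample, 4)    # Length
[BitConverter]::GetBytes([uint16]16).CopyTo($sample, 8)    # CurrentPasswordOffset
[BitConverter]::GetBytes([uint16]32).CopyTo($sample, 12)   # QueryPasswordIntervalOffset
[BitConverter]::GetBytes([uint16]40).CopyTo($sample, 14)   # UnchangedPasswordIntervalOffset
([byte[]](0x41, 0, 0x42, 0, 0x43, 0, 0x44, 0)).CopyTo($sample, 16)
[BitConverter]::GetBytes([TimeSpan]::FromDays(30).Ticks).CopyTo($sample, 32)
[BitConverter]::GetBytes([TimeSpan]::FromDays(29).Ticks).CopyTo($sample, 40)
$r = ConvertFrom-ManagedPasswordBlob -Blob $sample
'{0} password bytes, requery in {1} days' -f $r.CurrentPassword.Length, $r.QueryPasswordInterval.TotalDays
```

The demo line reports only the password length and the requery interval, so the secret bytes never reach the console or a transcript log.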

Enjoy!
