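# PowerShell script authored by Sean Metcalf (@PyroTek3)
# 2025-10-31
# Updated
# Script provided as-is
#
# Lists every group Managed Service Account (gMSA) in a domain and, for each one,
# expands PrincipalsAllowedToRetrieveManagedPassword into the individual
# accounts that can actually fetch the managed password (groups are resolved
# to their members).
#
# Parameters:
#   -Domain   DNS name of the domain to query. Defaults to the DNS domain of the
#             current session ($env:userdnsdomain).
#
# Output: one object per gMSA with two NoteProperties added:
#   PasswordAccesPrincipalArray  - the resolved principal objects
#   PasswordAccesPrincipalString - their Name values joined with ","
# (the property names keep the original spelling so existing consumers keep working).
#
# Requires the ActiveDirectory module and read access to the domain.
Param
(
    $Domain = $env:userdnsdomain
)

# Pin every query to a single DC so the gMSA list and the principal lookups
# come from the same replica rather than from DCs in different replication states.
$DomainDC = (Get-ADDomainController -Discover -DomainName $Domain).Name

[array]$DomainGMSAArray = Get-ADServiceAccount -Filter * -Properties * -Server $DomainDC | Sort-Object Name

$DomainGMSADetailArray = @()
ForEach ($DomainGMSAArrayItem in $DomainGMSAArray)
{
    # Resolved principals for this gMSA. The single "s" in "Acces" is kept on
    # purpose: it is the name of the output property consumers already read.
    $PasswordAccesPrincipalArray = @()

    ForEach ($PrincipalDN in $DomainGMSAArrayItem.PrincipalsAllowedToRetrieveManagedPassword)
    {
        # Each entry is a distinguished name; look it up to learn its object class.
        $Principal = Get-ADObject $PrincipalDN -Server $DomainDC
        Switch ($Principal.ObjectClass)
        {
            # -Recursive expands nested groups; without it a member of a nested
            # group could retrieve the password yet never appear in this report.
            # NOTE: Get-ADGroupMember does not expand foreign security principals
            # (cross-forest members) and is capped by the DC's MaxGroupOrMemberEntries.
            Group    { $PasswordAccesPrincipalArray += Get-ADGroupMember $Principal.DistinguishedName -Recursive -Server $DomainDC }
            User     { $PasswordAccesPrincipalArray += Get-ADUser $Principal.DistinguishedName -Server $DomainDC }
            Computer { $PasswordAccesPrincipalArray += Get-ADComputer $Principal.DistinguishedName -Server $DomainDC }
            # Any other class (another gMSA, a foreignSecurityPrincipal, ...) used to
            # be dropped silently; keep the object so the principal is still listed.
            Default  { $PasswordAccesPrincipalArray += $Principal }
        }
    }

    [string]$PasswordAccesPrincipalString = $PasswordAccesPrincipalArray.Name -join ","
    $DomainGMSAArrayItem | Add-Member -MemberType NoteProperty -Name PasswordAccesPrincipalArray -Value $PasswordAccesPrincipalArray -Force
    $DomainGMSAArrayItem | Add-Member -MemberType NoteProperty -Name PasswordAccesPrincipalString -Value $PasswordAccesPrincipalString -Force
    $DomainGMSADetailArray += $DomainGMSAArrayItem
}

# msDS-ManagedPassword is the managed password blob itself. It is only populated
# when the account running this script is allowed to retrieve it, so any
# transcript, CSV export or log of this output may contain a live credential.
$OutputProperties = @(
    'Name', 'DNSHostName', 'MemberOf', 'Created', 'LastLogonDate', 'PasswordLastSet',
    'msDS-ManagedPasswordInterval', 'PrincipalsAllowedToDelegateToAccount',
    'PrincipalsAllowedToRetrieveManagedPassword', 'PasswordAccesPrincipalString',
    'msDS-ManagedPassword', 'ServicePrincipalName'
)
$DomainGMSADetailArray | Select-Object $OutputProperties | Sort-Object Name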