Register-DMServiceAccount
SYNOPSIS
Register a Group Managed Service Account as a desired state object.
SYNTAX
__AllParameterSets
Register-DMServiceAccount [-Name] <string> [-DNSHostName] <string> [-Description] <string>
[-Path] <string> [[-ServicePrincipalName] <string[]>] [[-DisplayName] <string>]
[[-ObjectCategory] <string[]>] [[-ComputerName] <string[]>] [[-ComputerNameOptional] <string[]>]
[[-GroupName] <string[]>] [[-KerberosEncryptionType] <string[]>] [[-Enabled] <TriBool>]
[[-Present] <TriBool>] [[-Attributes] <Object>] [[-OldNames] <string[]>] [[-ContextName] <string>]
[<CommonParameters>]
DESCRIPTION
Register a Group Managed Service Account as a desired state object. This will then be tested for during Test-DMServiceAccount and ensured during Invoke-DMServiceAccount.
EXAMPLES
EXAMPLE 1
Get-Content .\serviceaccounts.json | ConvertFrom-Json | Write-Output | Register-DMServiceAccount
Load up all settings defined in serviceaccounts.json
PARAMETERS
-Attributes
Offer additional attributes to define. This can be either a hashtable or an object and can contain any writeable properties a gMSA can have in your organization.
Type: System.Object
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 13
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ComputerName
Only thus designated principals are allowed to retrieve the password to the gMSA. Using this you can grant access to an explicit list of computer accounts. A missing computer will cause a warning, but not otherwise fail the process. Supports string resolution.
Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 7
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ComputerNameOptional
Only thus designated principals are allowed to retrieve the password to the gMSA. Using this you can grant access to an explicit list of computer accounts. A missing computer will be logged but not otherwise noted. Supports string resolution.
Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 8
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ContextName
The name of the context defining the setting. This allows determining the configuration set that provided this setting. Used by the ADMF, available to any other configuration management solution.
Type: System.String
DefaultValue: <Undefined>
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 15
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: false
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Description
Describe what the gMSA is supposed to be used for. Supports string resolution.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 2
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-DisplayName
A custom DisplayName for the gMSA. Note, this setting will be ignored in the default dsa.msc console! It only affects other applications that might be gMSA aware and support it. Supports string resolution.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 5
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-DNSHostName
The DNSHostName of the gMSA. Supports string resolution.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 1
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Enabled
Whether the account should be enabled or disabled. By default, this is 'Undefined', causing the workflow to ignore its enablement state.
Type: DomainManagement.TriBool
DefaultValue: Undefined
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 11
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-GroupName
Only thus designated principals are allowed to retrieve the password to the gMSA. Using this you can grant access to an explicit list of ActiveDirectory groups. Supports string resolution.
Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 9
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-KerberosEncryptionType
The supported Kerberos encryption types. Can be any combination of 'AES128', 'AES256', 'DES', 'RC4' Default: 'AES128','AES256'
Type: System.String[]
DefaultValue: "@('AES128', 'AES256')"
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 10
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Name
Name of the Service Account. This must be a legal name, 15 characters or less (no trailing $ needed). The SamAccountName will be automatically calculated based off this setting (by appending a $). Supports string resolution.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 0
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ObjectCategory
Only thus designated principals are allowed to retrieve the password to the gMSA. Using this you can grant access to any members of given Object Categories.
Type: System.String[]
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 6
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-OldNames
A list of previous names the gMSA held. This causes the ADMF to trigger rename actions.
Type: System.String[]
DefaultValue: '@()'
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 14
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Path
The path where to place the gMSA. Supports string resolution.
Type: System.String
DefaultValue: ''
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 3
IsRequired: true
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-Present
Whether the account should exist or not. By default, it should. Set this to $false in order to explicitly delete an existing gMSA. Set this to 'Undefined' to neither create nor delete it, in which case it will only modify properties if the service account exists.
Type: DomainManagement.TriBool
DefaultValue: true
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 12
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
-ServicePrincipalName
Any service principal names to add to the gMSA. Supports string resolution.
Type: System.String[]
DefaultValue: '@()'
SupportsWildcards: false
Aliases: []
ParameterSets:
- Name: (All)
Position: 4
IsRequired: false
ValueFromPipeline: false
ValueFromPipelineByPropertyName: true
ValueFromRemainingArguments: false
DontShow: false
AcceptedValues: []
HelpMessage: ''
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.