24.1 Get-DRAServiceAccount

Synopsis

Gets information about a group Managed Service Account (gMSA) from Active Directory.

Syntax

Get-DRAServiceAccount -Domain <String> [-Attributes <String[]>] [-PowersForOperations <String[]>] [-VisiblePropertiesOnly <SwitchParameter>] -Identifier <String> [-DRARestServer <String>] [-DRARestPort <Int32>] [-IgnoreCertificateErrors <SwitchParameter>] [-Force <SwitchParameter>] [-Timeout <Int32>] [<CommonParameters>]

Description

The Get-DRAServiceAccount cmdlet returns the properties of the requested gMSA from Active Directory. The requesting user must have the View All group Managed Service Account Properties power. You can retrieve the default list of properties or request specific ones with the Attributes parameter. The default properties for a gMSA include: Name, Description, DistinguishedName, DisplayName, SAMAccountName, FriendlyName, and FriendlyPath.

Parameters

| Parameter | Description | Required | Position | Default Value | Accept Pipeline input? | Accept wildcard characters? |
|---|---|---|---|---|---|---|
| Attributes [<String[]>] | An array of attributes to retrieve values for. If this parameter is missing, a default list of properties is returned. | false | named | | true (ByPropertyName) | false |
| PowersForOperations [<String[]>] | An array of DRA operation names for which you want the server to return read/write permission information. This parameter is typically used by a UI-based client to hide or disable elements the calling user doesn't have powers for. The PowersForOperations parameter is applicable only if you have specified the Identifier parameter. | false | named | | true (ByPropertyName) | false |
| VisiblePropertiesOnly [<SwitchParameter>] | A flag to indicate whether DRA should return only properties the caller has powers to view. By default, DRA will return an error if the caller requests a property that they do not have powers to view. By specifying this flag, DRA is instructed to not return an error and instead just not return a value for such properties. | false | named | | false | false |
| Identifier <String> | The name or distinguished name of an existing Active Directory object. When the name is specified, an additional call to the DRA Server is needed to obtain the distinguished name for the object. | true | named | | true (ByPropertyName) | false |
| Domain <String> | The domain of the object in FQDN format. For example: mydomain.corp | true | named | | true (ByPropertyName) | false |
| DRARestServer [<String>] | The name of the computer running the DRA Rest Service. The requested DRA operation will execute on this server. If the parameter is not specified, the value defaults to 'localhost'. | false | named | | true (ByPropertyName) | false |
| DRARestPort [<Int32>] | The port where the DRA REST Service listens for requests. If the parameter is not specified, the value defaults to 8755. | false | named | 8755 | true (ByPropertyName) | false |
| IgnoreCertificateErrors [<SwitchParameter>] | Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate. | false | named | | false | false |
| Force [<SwitchParameter>] | Suppresses any request for user input and supplies a 'yes' response. For example: -Force with a delete request will perform the delete without presenting the confirmation request to the user. | false | named | | false | false |
| Timeout [<Int32>] | The number of seconds to wait before the request to the DRA REST server times out. To specify an infinite timeout, you can set this parameter to -1. | false | named | 100 seconds | true (ByPropertyName) | false |
| <CommonParameters> | Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see About CommonParameters. | | | | | |

NOTE: For more information, type "Get-Help Get-DRAServiceAccount -detailed". For technical information, type "Get-Help Get-DRAServiceAccount -full".

Example 24-1

PS C:\>Get-DRAServiceAccount -Domain MyDomain.corp -Identifier "GMSA123" -Attributes "Description","DisplayName","DNSHostName","IsDisabled","ManagedPasswordIntervalInDays","SamAccountName","PrincipalsAllowedToDelegateToAccount","PrincipalsAllowedToRetrieveManagedPassword"

This example requests the properties of the gMSA named GMSA123 in the MyDomain.corp domain. If the Attributes parameter is not specified, a default list of properties will be returned.

Example 24-2

PS C:\>Get-DRAServiceAccount -Domain MyDomain.corp -Identifier "GMSA123"

This example requests the properties of the gMSA named GMSA123 in the MyDomain.corp domain. The identifier contains the name of the gMSA. When the name is specified, DRA resolves the name to the distinguished name, and then requests the properties for the gMSA.

Example 24-3

PS C:\>Get-DRAServiceAccount -Domain MyDomain.corp -Identifier "CN=GMSA123,CN=Managed Service Accounts,DC=MyDomain,DC=corp"

This example requests the properties of the gMSA named GMSA123 in the MyDomain.corp domain. The identifier contains the distinguished name for the gMSA.
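
The following script is an added example, not part of the DRA documentation: it uses the parameters described above to review which principals may retrieve each gMSA's managed password, and it accounts for the way -VisiblePropertiesOnly returns no value instead of an error. The server name, gMSA names, and approved list are constructed, and the script assumes the returned object exposes each requested attribute as a property of the same name whose values compare as strings.

```powershell
# Added example; not part of the DRA documentation.
# Assumptions: the server name, gMSA names and approved list are constructed, and the
# returned object exposes each requested attribute as a property of the same name
# whose values compare as strings.
$gmsaNames = 'GMSA123', 'GMSA456'
$approved  = @('CN=AppServers,OU=Groups,DC=MyDomain,DC=corp')

$query = @{
    Domain                = 'MyDomain.corp'
    DRARestServer         = 'dra01.mydomain.corp'
    DRARestPort           = 8755
    Timeout               = 30
    VisiblePropertiesOnly = $true
    Attributes            = 'SamAccountName', 'IsDisabled',
                            'PrincipalsAllowedToRetrieveManagedPassword'
    ErrorAction           = 'Stop'
}
# -IgnoreCertificateErrors is deliberately absent, so a certificate error ends the lookup.

$report = foreach ($name in $gmsaNames) {
    try {
        $gmsa = Get-DRAServiceAccount @query -Identifier $name
    }
    catch {
        Write-Warning "Lookup failed for ${name}: $($_.Exception.Message)"
        continue
    }

    # Drop nulls so a property that came back without a value yields an empty list.
    $principals = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword | Where-Object { $_ })

    [pscustomobject]@{
        Name          = $name
        IsDisabled    = $gmsa.IsDisabled
        # With -VisiblePropertiesOnly an empty list can mean "no principals" or
        # "caller lacks the power to view this property"; report it, do not treat it as clean.
        ValueReturned = $principals.Count -gt 0
        Principals    = $principals -join '; '
        NotApproved   = @($principals | Where-Object { "$_" -notin $approved }) -join '; '
    }
}

$report | Format-List
```

Rows where ValueReturned is False need a follow-up with an account that holds the View All group Managed Service Account Properties power before the gMSA is recorded as having no retrieval principals.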