Moves a group Managed Service Account (gMSA) from one location in Active Directory to another.
Move-DRAServiceAccount -Domain <String> -TargetContainer <String> -Identifier <String> [-DRARestServer <String>] [-DRARestPort <Int32>] [-IgnoreCertificateErrors<SwitchParameter>] [-Force <SwitchParameter>] [-Timeout <Int32>] [<CommonParameters>]
The Move-DRAServiceAccount cmdlet moves the gMSA specified in the Identifier parameter to the container specified in the TargetContainer parameter. The requesting user must have the Move group Managed Service Account to OU power on the target container.
Attribute / Description |
Parameters / Values |
||||
---|---|---|---|---|---|
Required |
Position |
Default Value |
Accept Pipeline input? |
Accept wildcard characters? |
|
Identifier <String> The name or distinguished name of a gMSA. |
true |
named |
|
true (ByPropertyName) |
false |
Domain <String> The domain of the object in FQDN format. For example: mydomain.corp |
true |
named |
|
true (ByPropertyName) |
false |
TargetContainer <String> The full path to the destination container for the object you are moving, in the distinguished name format. For example: -TargetContainer "OU=Accounting,DC=MyDomain,DC=corp”. |
true |
named |
|
true (ByPropertyName) |
false |
DRARestServer [<String>] The name of the computer running the DRA Rest Service. The requested DRA operation will execute on this server. If the parameter is not specified, the value defaults to 'localhost'. |
false |
named |
|
true (ByPropertyName) |
false |
DRARestPort [<Int32>] The port where the DRA REST Service listens for requests. If the parameter is not specified, the value defaults to 8755. |
false |
named |
8755 |
true (ByPropertyName) |
false |
IgnoreCertificateErrors [<SwitchParameter>] Allows the request to bypass any SSL certificate errors, such as the InvalidOperation error that occurs when the REST Service is bound to a self-signed certificate. |
false |
named |
|
false |
false |
Force [<SwitchParameter>] Suppresses any request for user input and supplies a 'yes' response. For example: -Force with a delete request will perform the delete without presenting the confirmation request to the user. |
false |
named |
|
false |
false |
Timeout [<Int32>] The number of seconds to wait before the request to the DRA REST server times out. To specify an infinite timeout, you can set this parameter to -1. |
false |
named |
100 seconds |
true (ByPropertyName) |
false |
<CommonParameters> Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see About CommonParameters. |
|
|
|
|
|
NOTE:For more information, type "Get-Help Move-DRAServiceAccount -detailed". For technical information, type "Get-Help Move-DRAServiceAccount -full".
Example 24-4 1
PS C:\>Move-DRAServiceAccount -Domain MyDomain.corp -Identifier "CN=GMSA123,CN=Managed Service Accounts,DC=MyDomain,DC=corp" -TargetContainer "OU=Accounts,DC=MyDomain,DC=corp"
This example moves the gMSA named GMSA123 from the container named Managed Service Accounts to the container named Accounts.