I created a gMSA like this:
New-ADServiceAccount -name Cust00000 -DNSHostName Cust00000.domain.com -PrincipalsAllowedToRetrieveManagedPassword "IIS_IUSRS" -ManagedPasswordIntervalInDays 60
And life seemed good. However, when I run
Test-ADServiceAccount Cust00000
This is what I get:
False
WARNING: Test failed for Managed Service Account Cust00000. If standalone Managed Service Account, the account is
linked to another computer object in the Active Directory. If group Managed Service Account, either this computer does
not have permission to use the group MSA or this computer does not support all the Kerberos encryption types required
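for the gMSA. See the MSA operational log for more …

I am trying to create a task on a Windows 2016 server and need to deploy a gMSA account as the logon account. Below is the script I am using. I need to make sure the option "Run whether user is logged on or not" is selected. What changes should be made to the following code?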
$action = New-ScheduledTaskAction -Execute "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Argument "-NoProfile -ExecutionPolicy Unrestricted C:\Admin\Scripts\test.ps1"
$trigger = New-ScheduledTaskTrigger -daily -At 5:05am
$Pri = New-ScheduledTaskPrincipal -UserId "Domain\gMSA" -LogonType ServiceAccount -RunLevel Highest
$task = New-ScheduledTask -Action $action -Trigger $trigger
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName "Taskname" -Principal $Pri
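
An added example, not part of the original posts, of registering the task above under a gMSA: `-LogonType Password` with no password supplied is the logon type that corresponds to "Run whether user is logged on or not", because Task Scheduler retrieves the managed password from AD itself. `DOMAIN\gMSA$`, the task name and the script path are the post's placeholders; it assumes the ActiveDirectory module is installed and that the gMSA holds the "Log on as a batch job" right on this host.

```powershell
# Added example. Account, task name and script path are placeholders from the post.
Import-Module ActiveDirectory

$gmsaName = 'gMSA'                 # gMSA name as stored in AD (placeholder)
$gmsaUser = "DOMAIN\$gmsaName`$"   # sAMAccountName of a gMSA ends with '$'

# Fail early if this computer cannot retrieve the managed password.
# A False result here is the same condition as the Test-ADServiceAccount
# warning quoted earlier on this page.
if (-not (Test-ADServiceAccount -Identity $gmsaName)) {
    throw "This host cannot use gMSA '$gmsaName'; check PrincipalsAllowedToRetrieveManagedPassword."
}

$action = New-ScheduledTaskAction `
    -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
    -Argument '-NoProfile -NonInteractive -ExecutionPolicy Unrestricted -File "C:\Admin\Scripts\test.ps1"'

$trigger = New-ScheduledTaskTrigger -Daily -At 5:05am

# LogonType Password without a password: the service fetches the gMSA
# password from the domain, so no secret is stored in the script.
$principal = New-ScheduledTaskPrincipal -UserId $gmsaUser `
    -LogonType Password -RunLevel Highest

Register-ScheduledTask -TaskName 'Taskname' -Action $action `
    -Trigger $trigger -Principal $principal | Out-Null

# Confirm what was actually registered.
$registered = Get-ScheduledTask -TaskName 'Taskname'
$registered.Principal | Format-List UserId, LogonType, RunLevel
if ($registered.Principal.LogonType -ne 'Password') {
    Write-Warning 'Task is not set to run whether the user is logged on or not.'
}
```

Drop `-RunLevel Highest` if the script does not need an elevated token, so the gMSA runs with the least privilege the job requires.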