Active Directory: Export all group Managed Service Accounts (gMSA)

This one-liner exports all group Managed Service Accounts (gMSA) from an Active Directory domain into a .csv file.

Below is the command as I used it to export certain information about the gMSAs in my domain. You might have to adjust it to your specific needs.

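Import-Module ActiveDirectory   # provides Get-ADServiceAccount and the AD: drive used by Get-Acl

# -Filter * would also return standalone managed service accounts, so match the gMSA object class only.
# The date columns stay empty for accounts that have no value set yet.
Get-ADServiceAccount -Filter 'ObjectClass -eq "msDS-GroupManagedServiceAccount"' `
        -Properties Description, LockedOut, LastLogonDate, PasswordLastSet |
    Select-Object -Property Name,
        @{name="Owner"; expression={ (Get-Acl "AD:\$($_.DistinguishedName)").Owner }},
        Enabled, LockedOut, Description,
        @{name="LastLogonDate"; expression={ if ($_.LastLogonDate) { $_.LastLogonDate.ToString("dd.MM.yyyy") } }},
        @{name="PasswordLastSet"; expression={ if ($_.PasswordLastSet) { $_.PasswordLastSet.ToString("dd.MM.yyyy") } }},
        DistinguishedName |
    Export-Csv -Path ".\GroupManagedServiceAccounts_$((Get-ADDomain).Name).csv" `
        -NoTypeInformation -Encoding UTF8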
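
One way to adjust the export for a security review, as an added example that is not part of the original post: it also lists who may retrieve each gMSA password, the registered SPNs and the password rotation interval, and flags stale accounts. The 90-day threshold, the column names and the output file name are assumptions.

```powershell
Import-Module ActiveDirectory

$staleAfterDays = 90    # assumption: review threshold, adjust to your policy
$cutoff = (Get-Date).AddDays(-$staleAfterDays)
$props  = 'Description', 'LastLogonDate', 'PasswordLastSet', 'ServicePrincipalNames',
          'PrincipalsAllowedToRetrieveManagedPassword', 'msDS-ManagedPasswordInterval'

Get-ADServiceAccount -Filter 'ObjectClass -eq "msDS-GroupManagedServiceAccount"' -Properties $props |
    ForEach-Object {
        $gmsa = $_

        # Resolve every principal allowed to read the managed password to a readable name.
        $readers = foreach ($dn in $gmsa.PrincipalsAllowedToRetrieveManagedPassword) {
            try   { (Get-ADObject -Identity $dn -Properties sAMAccountName -ErrorAction Stop).sAMAccountName }
            catch { $dn }   # could not be resolved: keep the raw value for manual review
        }

        [pscustomobject]@{
            Name                 = $gmsa.Name
            Enabled              = $gmsa.Enabled
            Description          = $gmsa.Description
            LastLogonDate        = if ($gmsa.LastLogonDate)   { $gmsa.LastLogonDate.ToString('dd.MM.yyyy') }
            PasswordLastSet      = if ($gmsa.PasswordLastSet) { $gmsa.PasswordLastSet.ToString('dd.MM.yyyy') }
            PasswordIntervalDays = $gmsa.'msDS-ManagedPasswordInterval'
            ServicePrincipalNames = $gmsa.ServicePrincipalNames -join '; '
            PasswordReaders      = $readers -join '; '
            # No reader at all usually means the account is not in use on any host.
            NoPasswordReaders    = -not $readers
            # LastLogonDate comes from lastLogonTimestamp, which replicates with a delay
            # of several days, so treat this flag as a hint rather than an exact date check.
            StaleLogon           = (-not $gmsa.LastLogonDate) -or ($gmsa.LastLogonDate -lt $cutoff)
            DistinguishedName    = $gmsa.DistinguishedName
        }
    } |
    Export-Csv -Path ".\GroupManagedServiceAccounts_Review_$((Get-ADDomain).Name).csv" `
        -NoTypeInformation -Encoding UTF8
```

Rows where PasswordReaders contains broad groups, or where StaleLogon is True on an enabled account, are the ones to look at first.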
