Active Directory: Export all group Managed Service Accounts (gMSA)

TobyU Leave a comment

This one-liner exports all group managed Service Accounts (gMSA) from an Active Directory Domain into a .csv file.

As follows, you will find the command as I used it to export certain information about those gMSA in my Domain. You might have to adjust it to your specific needs.

1
2
3
4
5
6
7
8
9

Get-ADServiceAccount -Filter * -Properties * | `
    Select -Property Name, `
        @{name="Owner"; expression={(Get-Acl "AD:\$($_.DistinguishedName)").Owner}}, `
        Enabled, LockedOut, Description,
        @{name="LastLogonDate"; expression={ $_.LastLogonDate.toString("dd.MM.yyyy") }}, `
        @{name="PasswordLastSet"; expression={ $_.PasswordLastSet.toString("dd.MM.yyyy") }}, `
        DistinguishedName | `
        Export-Csv -Path ".\GroupManagedServiceAccounts_$((Get-ADDomain).Name).csv" `
         -NoTypeInformation -Encoding UTF8

Get-Mailbox not returning all Exchange Mailboxes

TobyU Leave a comment

By default, Exchange PowerShell commands such as Get-Mailbox or Get-Recipient, are not returning all Exchange Mailboxes of the whole Active Directory Forest.

Moreover, they just return Mailboxes or Recipients located in the same Domain as the Exchange Organization.

The following command tells your current Exchange Management Shell session to return Mailboxes from the whole Forest:

1

Set-ADServerSettings -ViewEntireForest $true