Test gMSA Account on DCs

# This will run on all Domain Controllers. . Replace 'adhealthcheck' with actual gMSA name
Invoke-Command -ComputerName (Get-ADDomainController -Filter *).Name -ScriptBlock {
    $Account = Get-ADServiceAccount -Filter { Name -eq 'adhealthcheck'}
    Install-ADServiceAccount $Account

    # Tests that the GMSA works on the computer
    # Returns $True if tests are OK
    $Test = Test-ADServiceAccount -Identity $Account.Name
    if($Test){
        Write-Output "GMSA test OK on $env:computername"
    }
    else {
        Write-Output "GMSA test FAILED on $env:computername"
    }

}

Revision #2
Created 2023-11-10 04:50:54 UTC by Ryan
Updated 2025-03-13 00:55:13 UTC by Ryan