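function Test-OrInstallADServiceAccount {
    <#
    .SYNOPSIS
        Ensures the specified gMSA is installed on this machine, installing it if it is not.

    .DESCRIPTION
        Strips any domain prefix from the supplied name, checks the account with
        Test-ADServiceAccount and, if that check fails, calls Install-ADServiceAccount
        and checks again.

        Install-ADServiceAccount installs an existing managed service account on the
        local computer; it does not create the account in Active Directory. The account
        must already exist, and this computer must be permitted to retrieve its managed
        password (PrincipalsAllowedToRetrieveManagedPassword on the account). When this
        function returns $false, review that permission for this one host rather than
        widening it.

        Errors raised by the install or the follow-up check are reported as a warning
        and turned into a $false result, so the caller always receives a boolean no
        matter what its own error-handling context is.

    .PARAMETER gmsaServiceAccount
        The gMSA name, with or without a "DOMAIN\" prefix. Only the part after the last
        backslash is passed to the AD cmdlets.

    .OUTPUTS
        System.Boolean. $true when the account tests as installed, either already or
        after the install attempt; $false otherwise.
    #>
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    Param(
        [string]$gmsaServiceAccount
    )

    $logLead = (Get-LogLeadName)

    # Get the actual username, since the AD functions error if the domain prefix is included
    $cleanUserName = $gmsaServiceAccount.Split("\") | Select-Object -Last 1

    # An omitted or empty name (or a bare "DOMAIN\") would otherwise fail parameter binding
    # inside Test-ADServiceAccount and could leave this function without any boolean output.
    if ([string]::IsNullOrWhiteSpace($cleanUserName)) {
        Write-Warning ('{0} : No GMSA account name was supplied' -f $logLead)
        return $false
    }

    # $logLead is passed as a format argument rather than interpolated into the format
    # string, so a brace inside it cannot break the -f operator.
    if (Test-ADServiceAccount $cleanUserName) {
        Write-Verbose ('{0} : GMSA account {1} already installed' -f $logLead, $cleanUserName)
        return $true
    }

    Write-Verbose ('{0} : Attempting to install GMSA account {1}' -f $logLead, $cleanUserName)

    try {
        # -ErrorAction Stop makes every install failure reach the catch block below.
        Install-ADServiceAccount $cleanUserName -ErrorAction Stop

        # Trust the post-install test, not the absence of an error from the install.
        if (Test-ADServiceAccount $cleanUserName) {
            return $true
        }
    } catch {
        Write-Warning ('{0} : Installing GMSA account {1} failed: {2}' -f $logLead, $cleanUserName, $_.Exception.Message)
    }

    Write-Warning ('{0} : GMSA Account {1} could not be installed and must be reviewed post-installation' -f $logLead, $cleanUserName)
    return $false
}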