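function Get-AppServiceAccountName {
    <#
    .SYNOPSIS
        Gets the domain-qualified gMSA name for a known service.

    .DESCRIPTION
        Builds the domain-qualified group managed service account name for a
        known service, in the form DOMAIN\<userPrefix>.<shortName>$ (for example
        corp\dev.bank$).

        Behaviour when the inputs are incomplete:
          * The machine is not domain-joined, or its domain name cannot be read:
            a warning is written and an empty string is returned. An empty
            string signals that the service should be installed local-machine
            style (as on SDK environments).
          * The service name is not in the lookup matrix: a warning is written.
            On an app server (Test-IsAppServer) the configured
            "DatabaseMicroServiceAccount" app setting is returned instead;
            elsewhere an empty string is returned.
          * The "Environment.UserPrefix" app setting is empty: same fallback as
            for an unknown service name.

        Note: the unknown-service fallback on app servers means a mistyped
        ServiceName does not fail; it runs the service under the shared
        database micro-service account. Callers that need strict per-service
        identities should treat the warning as an error.

    .PARAMETER ServiceName
        [string] A known service name, such as BankService. The lookup is
        case-insensitive (PowerShell hashtable literal default).

    .INPUTS
        None. ServiceName must be passed as a parameter.

    .OUTPUTS
        [System.String] The domain-qualified account name, the
        DatabaseMicroServiceAccount setting (app-server fallback), or an empty
        string (non-domain / SDK install).

    .EXAMPLE
        Get-AppServiceAccountName
        Fails parameter binding because ServiceName is mandatory.

    .EXAMPLE
        Get-AppServiceAccountName -ServiceName RandomNonsense
        WARNING: ... : Could not find a matching entry in the lookup matrix for [RandomNonsense]
        Returns "" on a non-app-server, or the DatabaseMicroServiceAccount setting on an app server.

    .EXAMPLE
        Get-AppServiceAccountName -ServiceName BankService
        corp\dev.bank$
    #>
    [CmdletBinding()]
    [OutputType([System.String])]
    param(
        [Parameter(Mandatory = $true)]
        [string]$ServiceName
    )

    process {
        $logLead = (Get-LogLeadName)

        # Win32_ComputerSystem.Domain reports "WORKGROUP" on a machine that is
        # not domain-joined, so a non-empty Domain value alone does not prove
        # membership; PartOfDomain is the authoritative flag. Only the short
        # (NetBIOS-style) name before the first '.' is used in the account name.
        $computerSystem = Get-CimInstance Win32_ComputerSystem
        $domain = ""
        if ($computerSystem.PartOfDomain) {
            $domain = (($computerSystem.Domain) -split '\.')[0]
        }

        if ([string]::IsNullOrWhiteSpace($domain)) {
            Write-Warning "$logLead : Could not find the local machine domain name. 
Are you joined to a domain?"
            Write-Verbose "$logLead : Assuming the user is on an SDK machine (not connected to a domain, can't use gMSA. Returning empty-string."
            return ""
        }

        # Known service name -> short account suffix. Keys are matched
        # case-insensitively; the two 'nag' entries are intentional aliases.
        $LookupMatrix = @{
            'AuditService'                   = 'audit';
            'BankService'                    = 'bank';
            'ContentService'                 = 'content';
            'CoreService'                    = 'core';
            'ExceptionService'               = 'exception';
            'MessageCenterService'           = 'msgctr';
            'NagConfigurationService'        = 'nag';
            'NotificationService'            = 'notify';
            'RP-STS'                         = 'rpsts';
            'SchedulerService'               = 'schedule';
            'SecurityManagementService'      = 'secmgr';
            'STSConfiguration'               = 'stsconf';
            'SymConnectMultiplexer'          = 'multiplx';
            'Alkami Radium Scheduler Service' = 'radium';
            'Alkami Nag Service'             = 'nag';
        }

        $matrixValue = $LookupMatrix[$ServiceName]
        if ([string]::IsNullOrWhiteSpace($matrixValue)) {
            # Not fatal here: the caller-visible outcome is decided by the
            # fallback logic below, so only warn.
            $message = "$logLead : Could not find a matching entry in the lookup matrix for [$ServiceName]"
            Write-Warning $message
        }

        $userPrefix = (Get-AppSetting -appSettingKey "Environment.UserPrefix")
        ## This is so we can use this as ($env:userdnsdomain)\(Get-AppSetting "Environment.UserPrefix").$MatrixLookup[appName]$

        if ([string]::IsNullOrEmpty($userPrefix) -or [string]::IsNullOrEmpty($matrixValue)) {
            if (Test-IsAppServer) {
                ## If we don't have a configured value then let's just run everything as the dbms user
                ## This is non-ideal of course, but we haven't got the infrastructure yet to fix it
                ## Least-privilege caveat: this path is also reached for an unknown
                ## ServiceName, so a typo silently widens the service's identity to
                ## the shared database account. Watch for the warning above.
                ## TODO: @dsage - Where do we get the user prefix for (ex: corp\dev.bank$ so we need dev) from?
                return (Get-AppSetting -appSettingKey "DatabaseMicroServiceAccount")
            }

            Write-Verbose "$logLead : No user prefix (ex: dev, qa, prod) found on this machine. We can't build the user string from here. Defaulting to empty string so that we use local machine configuration. (see SDK users)"
            return ""
        }

        # gMSA names carry a trailing '$'; the backtick keeps it literal.
        return "$domain\$userPrefix.$matrixValue`$"
    }
}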