$groupname = (Get-ADPrincipalGroupMembership -Identity (Get-ADComputer -Identity ($env:computername))).Where({ $_.Name -match 'GMSA' })
$grantAccountsDiskReadAccess = (Get-ADServiceAccount -Filter * -Properties PrincipalsAllowedToRetrieveManagedPassword).Where({ $_.PrincipalsAllowedToRetrieveManagedPassword -eq $groupname }).Name


servers that got turned on for deploys, why do we not clean up the tags after we are done???




C:\
Nag\ <-- only happens on primary nag


E:\
ORB\
Nag\ <-- deployed but not registered



Test-IsPrimaryNag {
    return (Test-Path C:\Nag)
}


Ask from cody to move the nag config into a structured file so we can be able to recover in case we lose the drive, which has happened in the past

We should be able to reapply this to a new server in the pod on demand (assuming someone ensured there is no active nag there)