| external help file | Module Name | online version | schema |
|---|---|---|---|
DSInternals.PowerShell.dll-Help.xml |
DSInternals |
2.0.0 |
Decodes the value of the msDS-ManagedPassword attribute of a Group Managed Service Account.
ConvertFrom-ADManagedPasswordBlob [-Blob] <Byte[]> [<CommonParameters>]
Decodes the MSDS-MANAGEDPASSWORD_BLOB structure containing a group-managed service account's password information.
The password is actually a cryptographically generated array of 256 bytes that is represented as an 128 characters long UTF-16 string.
PS C:\> $gmsa = Get-ADServiceAccount -Identity 'SQL_HQ_Primary' -Properties 'msDS-ManagedPassword'
PS C:\> ConvertFrom-ADManagedPasswordBlob -Blob $gmsa.'msDS-ManagedPassword'
<# Sample Output:
Version : 1
CurrentPassword : 湤ୟɰ橣낔饔ᦺ几᧾ʞꈠ⿕ՔὬ랭뷾햾咶郸�렇ͧ퀟럓몚ꬶ佩䎖∘Ǐ㦗ן뱷鼹⽩Ⲃ⫝咽㠅E䠹鸞왶婰鞪
PreviousPassword :
QueryPasswordInterval : 29.17:15:36.3736817
UnchangedPasswordInterval : 29.17:10:36.3736817
#>Decodes the managed password information from a group-managed service account (GMSA) called SQL_HQ_Primary. The user retrieving the managed password needs to be listed in the PrincipalsAllowedToRetrieveManagedPassword property of the GMSA.
Specifies the binary value stored in the msDS-ManagedPassword attribute.
Type: Byte[]
Parameter Sets: (All)
Aliases: msDS-ManagedPassword, ManagedPassword, ManagedPasswordBlob
Required: True
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Get-ADServiceAccount Set-ADServiceAccount New-ADServiceAccount