Install and Configure a Group Managed Service Account with PowerShell

Managed Service Accounts (MSAs) were introduced in Windows Server 2008, and Group Managed Service Accounts (gMSAs) were introduced in Windows Server 2012. Since then, a lot has been said about gMSAs (see the references section at the bottom). So in this post, I’ll just summarize the flow and the PowerShell commands needed for each step…

1

Get-ADUser : One or more properties are invalid. Parameter name: msDS-AssignedAuthNPolicy

If you are running PowerShell 4.0 on Windows 8.1/2012 R2 and tried to use the Get-ADUser or Get-ADComputer cmdlets (from the ActiveDirectory Module) with the -Property parameter, specifying * to get all the properties’ object, you may have encountered the error message below: Get-ADUser : One or more properties are invalid. Parameter name: msDS-AssignedAuthNPolicy At…

2