Replace the Credentials with gMSA for scheduled tasks

  • 182 Views
  • Last Post 14 February 2017
bshwjt posted this 12 February 2017

Hi,

We have multiple scheduled tasks & those are running by normal service acct.

Now we need to change with newly created gMSA. Just need to Replace the Credentials with gMSA . All other parameters need to be same to same.

Can you please help!

 Thanks

Order By: Standard | Newest | Votes
kool posted this 13 February 2017

You have to use PowerShell. Something like this would work after installing the gMSA on the computer and granting it logon-as-a-batch rights.

 

$taskName = "my task" # substitute the task name

$taskPrincipal = "domain\gMSA$" # substitute your domain and gMSA name

 

$principal = New-ScheduledTaskPrincipal -UserID $taskPrincipal -LogonType Password -RunLevel Highest

 

$task = Get-ScheduledTask -TaskName $taskName

 

Set-ScheduledTask -TaskName $task.TaskName -Action $task.Actions -Trigger $task.Triggers -Principal $principal

 

Caveat: there are other issues that can crop up. I have two machines running the same tasks. On one they run using a gMSA but on the other computer the scheduled

tasks fail to start. I’m still debugging this.

 

    Eric

 

show

bshwjt posted this 14 February 2017

Thanks Eric. I also scheduled and that is working but any tweak for export and import scheduled task with gMSA.
#Scheduled Task$DurationTimeSpan = New-TimeSpan -Hours 12 $DurationTimeSpanIndefinite = ([TimeSpan]::MaxValue)$DurationTempTest = New-TimeSpan -Days 1000$Argt = "-File C:\Scripts\test-services.ps1"$action = New-ScheduledTaskAction -Execute '%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe' -Argument $Argt$Trigger = New-ScheduledTaskTrigger -Once -At "07:00" -RepetitionInterval $DurationTimeSpan -RepetitionDuration $DurationTempTest$principle = New-ScheduledTaskPrincipal -UserId contoso\npa1234$ -LogonType PasswordRegister-ScheduledTask myserviceadmintask -TaskPath \AD-Service -Action $action -Trigger $trigger -Principal $principle -Description "Disk Report-Author:Biswajit-Managed by Powershell Only GUI Wont work"
On 14-Feb-2017 3:12 AM, "Eric Kool-Brown" <kool@xxxxxxxxxxxxxxxx> wrote:
















You have to use PowerShell. Something like this would work after installing the gMSA on the computer and granting it logon-as-a-batch rights.

 

$taskName = "my task" # substitute the task name

$taskPrincipal = "domain\gMSA$" # substitute your domain and gMSA name

 

$principal = New-ScheduledTaskPrincipal -UserID $taskPrincipal -LogonType Password -RunLevel Highest

 

$task = Get-ScheduledTask -TaskName $taskName

 

Set-ScheduledTask -TaskName $task.TaskName -Action $task.Actions -Trigger $task.Triggers -Principal $principal

 

Caveat: there are other issues that can crop up. I have two machines running the same tasks. On one they run using a gMSA but on the other computer the scheduled

tasks fail to start. I’m still debugging this.

 

    Eric

 

show

Close