none
How do I create and manage gMSA accounts with .NET (C#) instead of PowerShell? RRS feed

  • Question

  • I know gMSA accounts can be created via PowerShell, but that doesn't work in our automation environment. We need to programmatically manage gMSA accounts. How do we do so? Are there .NET classes available for use? Failing that, what raw commands can we execute so I can create our own class?

    Again, PowerShell is not an option.

    Monday, April 22, 2019 2:21 PM

All replies

  • Hi

    Thank you for posting here.

    Based on your description, you want to create and manage GMSA account via C#.

    The following link is similar to your question, you could have a look.

    https://social.msdn.microsoft.com/Forums/en-US/3050e3a7-8fa2-47a6-a581-316b4a9f4a60/how-do-you-create-gmsa-account-via-c?forum=csharpgeneral

    Best regards,

    Jack


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, April 23, 2019 5:33 AM
    Moderator
  • Hi

    Thank you for posting here.

    Based on your description, you want to create and manage GMSA account via C#.

    The following link is similar to your question, you could have a look.

    https://social.msdn.microsoft.com/Forums/en-US/3050e3a7-8fa2-47a6-a581-316b4a9f4a60/how-do-you-create-gmsa-account-via-c?forum=csharpgeneral

    Best regards,

    Jack


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Please reread my question. I'm asking for an answer WITHOUT POWERSHELL. If it can't be done with .NET, our company is not interested. PowerShell is more like anti-automation.
    Tuesday, April 23, 2019 1:41 PM
  • PowerShell is .NET based so if it can do something then .NET can. In the particular case of the gMSA stuff you should look at what PS command is executed and then you can go look at the underlying calls to .NET being made. As an example the New-ADServiceAccount command is implemented in Microsoft.ActiveDirectory.Management from what I can tell. That namespace contains the ADServiceAccount which is likely what the PS module is using. By either mapping the PS commands to the corresponding types in the assembly or just looking at the available members in the docs you should be able to replicate what the PS script does.

    Michael Taylor http://www.michaeltaylorp3.net

    Tuesday, April 23, 2019 3:13 PM
    Moderator
  • Aye, that's the path we're already prepared to pursue. We're hoping for something more official, however. So far, all of Microsoft's tech articles push PowerShell. We have an AD Tool Suite, however, for managing our AD, and PowerShell really isn't a viable option for our collection of AD microservices, nor for our automation systems. Meanwhile, I'll see what I can see with ADServiceAccount.
    Tuesday, April 23, 2019 7:13 PM
  • Hi

    Thanks for the feedback.

    Based on my research, I could not find a direct way to create gmsa accounts by using .NET. Therefore, I have reported this request in this link.

    Thank you for your support.

    Best Regards,

    Jack


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, April 26, 2019 8:14 AM
    Moderator