The reason that Get-ADObject
and Get-ADComputer
do not return gMSAs is because gMSAs (Group Managed Service Accounts) are not traditional user or computer accounts. They are a type of service account specifically designed for applications running on multiple servers, and are managed by Active Directory rather than individual servers.
To retrieve information about gMSAs, you can use the Get-ADServiceAccount
cmdlet. This cmdlet is specifically designed to work with gMSAs, and can be used to retrieve information such as the account name, description, and group memberships.
In your scenario, you could modify your script to first use Get-ADObject
to retrieve the type of each member, and then use the appropriate cmdlet (e.g. Get-ADUser
, Get-ADGroup
, Get-ADServiceAccount
, etc.) to retrieve the properties for that specific type of object. This way, you can handle all types of objects within the same script.
Please mark as helpful answer if it helps you :-)