Scheduled Task fails under gMSA

Bojan Zivkovic 551 Reputation points
2025-02-16T15:00:32.1533333+00:00

Hi, I have an odd situation: PS code runs fine under my domain admin account but not as a scheduled task running under a gMSA (with temporary domain admin rights).

PS code does the following:

  1. Gets a list of all DCs.
  2. Gets Server Authentication certificate renewal events from all DCs in the past 1 day (LogName = 'Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'; Id = '1001') using the line Get-WinEvent -FilterHashtable $params -ComputerName $DC.
  3. Converts events from step 2 to XML to extract certificate(s) information.
  4. Creates custom PS objects with attributes from step 3.
  5. Creates folder on the management machine.
  6. Connects remotely to DCs with renewed Server Authentication certificate(s) and exports certificate to .cer file.
  7. Copies .cer file(s) (from remote PS Sessions) to management server machine (folder from step 5).
  8. Compresses all .cer files to .zip archive.
  9. Sends mail with table containing renewed certificates details + attachment (.zip archive from step 8).

Which step here can't be executed under a gMSA, even with temporary domain admin rights? Chances are high it is the Get-WinEvent -FilterHashtable $params -ComputerName $DC line, but if so, why?

When the scheduled task runs, nothing happens, and when it completes the error in Task Scheduler is (0x1).


1 answer

  1. MotoX80 35,626 Reputation points
    2025-02-16T16:15:00.48+00:00

    For starters, configure the scheduled task to execute a bat file which calls the PowerShell script. Have it capture stdout and stderr so that you can see what messages PowerShell produces.

    https://learn.microsoft.com/en-us/answers/questions/2141466/how-to-run-a-task-with-task-scheduler

    If you need additional information, have your script generate a transcript.

    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.host/start-transcript?view=powershell-5.1

    Put a Start-Transcript at the beginning of the script and a Stop-Transcript at the end.

    Add troubleshooting statements in your script to display key processing points and what data it sees.

    "About to look for files"
    $files = Get-Childitem -path "C:\whatever" 
    "We found {0} files." -f $files.count
    
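
Added example, not part of either post above: one way to combine the transcript and checkpoint advice for the first two steps of the script in the question, so the log shows which account the task runs as and which DC query fails. The log folder `C:\Logs\CertRenewalTask` and the use of `Get-ADDomainController` to list DCs are assumptions; the event log name and Id come from the question.

```powershell
# Added diagnostic sketch; the log folder and the DC lookup are assumptions.
$ErrorActionPreference = 'Stop'
$logDir = 'C:\Logs\CertRenewalTask'   # hypothetical path; the gMSA needs write access here
New-Item -ItemType Directory -Path $logDir -Force | Out-Null
Start-Transcript -Path (Join-Path $logDir ("run_{0:yyyyMMdd_HHmmss}.log" -f (Get-Date)))

$failed = 0
try {
    # Record the security context the task actually runs in.
    "Running as: {0}" -f [Security.Principal.WindowsIdentity]::GetCurrent().Name

    "About to list DCs"
    $dcs = (Get-ADDomainController -Filter *).HostName   # assumed way of listing DCs
    "Found {0} DCs" -f @($dcs).Count

    $params = @{
        LogName   = 'Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'
        Id        = 1001
        StartTime = (Get-Date).AddDays(-1)
    }

    foreach ($dc in $dcs) {
        try {
            "Querying $dc"
            $events = Get-WinEvent -FilterHashtable $params -ComputerName $dc -ErrorAction Stop
            "{0}: {1} event(s)" -f $dc, @($events).Count
        }
        catch {
            # Get-WinEvent also raises an error when nothing matches the filter.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                "{0}: no matching events" -f $dc
            } else {
                $failed++
                "{0}: FAILED - {1}" -f $dc, $_.Exception.Message
            }
        }
    }
}
catch {
    $failed++
    "Unhandled error: {0}" -f $_.Exception.Message
    $_.ScriptStackTrace
}
finally {
    Stop-Transcript
}
exit $failed   # number of failed steps; 0 means every DC query completed
```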
