Gets a usable PSCredential for a gMSA.
This module would not be possible without the helpful open source tools from DSInternals.
Install-Module GMSACredentialgMSA's are accounts whose password is requested and is not known. Active Directory effectively becomes your password manager and you request the password from an account that has permissions to request it. Generally this is done by Windows and you use these accounts as IIS App Pools or to run services, but there's no reason we can't get a PSCredential and use them in PowerShell!
$Cred = Get-GMSACredential -GMSAName 'gMSATest' -Domain 'Home.Lab'
invoke-command -ComputerName localhost -Credential $cred -ScriptBlock { whoami }The above command outputs home\gmsatest$ to prove it is working. gMSA's generally have a $ at the end of the account, but it's not required for this module.
There's not much to this, the only gotcha is you need to run this as an account with permissions to get the gMSA password
If you want a more in-depth guide including how to set up your environment for gMSAs, please look at the wiki - there's a great guide on Passwordless PowerShell.