locked
Schedule a task using gmsa RRS feed

  • Question

  • What is the process to run a scheduled task every few hours using a gmsa account? Currently I have configured the task but it does not run.
    Saturday, August 31, 2019 8:44 AM

Answers

All replies

  • Hi,

    Something here might help:
    Windows Server 2012: Group Managed Service Accounts

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    Saturday, August 31, 2019 9:32 AM
  • Thanks. The blog suggests to run a command as below:

    $trigger = New-ScheduledTaskTrigger -At 23:00 -Daily

    How can I modify this trigger to make sure that the task repeats every hour Indefinately?

    Sunday, September 1, 2019 7:23 AM
  • The -Hourly parameter doesn't exist, and the PowerShell interface for scheduled task triggers are quite limited, so you'll have to specify how often you want to run (RepetitionDuration) the scheduled task and for what period of time ([System.TimeSpan]::MaxValue).

    You can use the Set-ScheduledTask cmdlet to modify an existing Scheduled Task, or use the Set-JobTrigger cmdlet to change the job trigger of a scheduled job.

    Here's a few examples for you:

    Scheduled Task with Daily Trigger and Repetition Interval

    Creating a scheduled task in Windows that will run at intervals indefinitely

    Create Scheduled Task or Scheduled Job to Indefinitely Run a PowerShell Script Every 5 Minutes


    Blog: https://thesystemcenterblog.com LinkedIn:

    Sunday, September 1, 2019 8:46 AM
  • Thanks I will try it out.
    Monday, September 2, 2019 6:26 AM
  • Hello Leon,

    While using the gmsa account, how can I specify the option to Run whether the user is logged on or not in the task, currently it is set to run only when the user is logged on and does not work. If I change manually, it asks for a password for the gmsa account?

    Wednesday, September 4, 2019 11:41 AM
  • The equivalent PowerShell option for "Run whether user is logged in or not" in the Task Scheduler GUI is the following cmdlet: New-ScheduledTaskPrincipal.

    The command for the option to "Run whether user is logged in or not" is as follows:

    New-ScheduledTaskPrincipal -LogonType S4U

    Some more information over here:
    Set a Scheduled Task to run when user isn't logged in


    Blog: https://thesystemcenterblog.com LinkedIn:

    Wednesday, September 4, 2019 11:48 AM
  • Thanks, but the blog: https://techcommunity.microsoft.com/t5/Core-Infrastructure-and-Security/Windows-Server-2012-Group-Managed-Service-Accounts/ba-p/255910, is asking to use LogonType Password ?

    Wednesday, September 4, 2019 11:51 AM
  • When I use the logontype as S4U, the Register-ScheduledTask gives access is denied?
    Wednesday, September 4, 2019 12:00 PM
  • When I created a task accordingly to Windows Server 2012: Group Managed Service Accounts, the task was automatically set with "Run whether user is logged on or not".

    My script:

    $Action = New-ScheduledTaskAction "C:\Temp\Cmd.bat" 
    $Trigger = New-ScheduledTaskTrigger -At 12:00 -Daily
    $Principal = New-ScheduledTaskPrincipal -UserID gMSAcct01$ -LogonType Password
    
    Register-ScheduledTask TestTask –Action $Action –Trigger $Trigger –Principal $Principal  

    Example:

    Result:


    Blog: https://thesystemcenterblog.com LinkedIn:

    Wednesday, September 4, 2019 12:38 PM
  • Yeah so far it works, however when I change it to run hourly. It switches back to Run only when the user is logged on? Any way to retain the option of run whether the user is logged on or not when setting the task to run hourly?
    Wednesday, September 4, 2019 12:56 PM
  • Try this:

    $Action = New-ScheduledTaskAction "C:\Temp\Cmd.bat" 
    $Trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 60) -RepetitionDuration (New-TimeSpan -Days (365 * 10))
    $Principal = New-ScheduledTaskPrincipal -UserID gMSAcct01$ -LogonType Password
    
    Register-ScheduledTask TestTask –Action $Action –Trigger $Trigger –Principal $Principal 

    It's not "indefinitely" but you can change the value to more (for more years), should cover you pretty far though.


    Blog: https://thesystemcenterblog.com LinkedIn:

    Wednesday, September 4, 2019 1:04 PM
  • I am getting an error: 0x8007010b  Error Value : 2147942667

    Below is the what I am trying:

    $action=New-ScheduledTaskAction -Execute 'powershell.exe' -WorkingDirectory C:\Scripts\myscript.ps1
    $Trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 60) -RepetitionDuration (New-TimeSpan -Days (365 * 10))
    $Principal = New-ScheduledTaskPrincipal -UserID gMSAcct01$ -LogonType Password
    Register-ScheduledTask TestTask –Action $Action –Trigger $Trigger –Principal $Principal 

    Is the New-ScheduledTaskAction correct?

    Wednesday, September 4, 2019 1:43 PM
  • If you have "Run whether user is logged in or not" your gMSA must be member of the Log on as a batch job or the local Administrators group to be able to run.

    Blog: https://thesystemcenterblog.com LinkedIn:

    Wednesday, September 4, 2019 3:33 PM