¶ GoldenGMSA
https://github.com/Semperis/GoldenGMSA
¶ About
GoldenGMSA is a C# tool for abusing Group Managed Service Accounts (gMSA) in Active Directory.
¶ Usage
¶ gmsainfo command
Query gMSAs in a domain (gmsainfo):
This operation enumerates gMSAs in a domain and lists their name, SID, associated KDS Root Key, and a Base64 encoded blob that represents their msds-ManagedPasswordID.
.\GoldenGMSA.exe gmsainfo
¶ kdsinfo command
This operation dumps the KDS Root Keys to be used for gMSA password generation. You can dump all KDS Root Keys or a single key specified by its GUID.
The output is a Based64 encoded blob that represents the KDS Root Key.
.\GoldenGMSA.exe kdsinfo
