Windows Task Scheduler for SQLOpsDB

# Step 1: Setup Windows Security Group for gMSA
New-ADGroup -Name gsg_SQLgMSA_SQLOpsDB `
-Description “Security group for SQLgMSA_SQLOpsDB Collection Machine”  `
-GroupCategory Security -GroupScope Global

# Step 2: Add the collection machine to the security group. SQLCMS$ is the computer account for my collection machine.
Add-ADGroupMember -Identity gsg_SQLgMSA_SQLOpsDB `
-Members SQLCMS$

# Step 3: Create gMSA.
New-ADServiceAccount -Name gMSA_SQLOpsDB `
-PrincipalsAllowedToRetrieveManagedPassword gsg_SQLgMSA_SQLOpsDB `
-Enabled:$true -DNSHostName gMSASQLOpDB.Lab.Local `
   -ManagedPasswordIntervalInDays 30 -SamAccountName gMSA_SQLOpDB

# Create Task Credentials for gMSA Account
$gMSAAcct = New-ScheduledTaskPrincipal -UserID LAB\gMSA_SQLOpDB$ -LogonType Password -RunLevel Highest

# Create Schedule for Each Task
$DailyTrigger6AM = New-ScheduledTaskTrigger -Daily -At "6 AM"
$DailyTrigger2AM = New-ScheduledTaskTrigger -Daily -At "2 AM"
$WeeklyTrigger4AM = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At "4 AM"

# Assign the Task to Schedule & gMSA
Set-ScheduledTask -TaskName "SQLOpsDB.DataCollection" -Trigger $DailyTrigger6AM -Principal $gMSAAcct
Set-ScheduledTask -TaskName "SQLOpsDB.ConfigurationHealth.Daily" -Trigger $DailyTrigger2AM -Principal $gMSAAcct
Set-ScheduledTask -TaskName "SQLOpsDB.ConfigurationHealth.Weekly" -Trigger $WeeklyTrigger4AM -Principal $gMSAAcct