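<#
.SYNOPSIS
Creates a group Managed Service Account (gMSA), or updates an existing one, so
that the listed servers are allowed to retrieve its managed password.

.DESCRIPTION
Run this script on a Domain Controller. It
  1. checks that every entry in -ServerList resolves to an AD computer object
     and is written with a trailing '$',
  2. creates a KDS root key when Get-KdsRootKey returns none,
  3. installs the RSAT Windows feature,
  4. updates the service account if it already exists, otherwise creates it.

.PARAMETER ServiceAccountName
Name of the service account to create or update.

.PARAMETER DNSHostName
Value passed as -DNSHostName to New-/Set-ADServiceAccount.

.PARAMETER ServerList
Computer accounts (each ending in '$') that may retrieve the managed password.
Every principal listed here can obtain the account's password, so keep the
list limited to the hosts that actually run the service.

.NOTES
Exits with code 1 when a server name fails validation, so a calling pipeline
can tell a rejected input from a successful run.
#>
param(
    [Parameter(Mandatory=$true)][string] $ServiceAccountName,
    [Parameter(Mandatory=$true)][string] $DNSHostName,
    [Parameter(Mandatory=$true)][string[]] $ServerList
)

# Validate every server before anything in the directory is changed.
foreach ($Server in $ServerList) {
    try {
        # -ErrorAction Stop makes any lookup failure land in the catch block.
        Get-ADComputer $Server -ErrorAction Stop | Out-Null
    }
    catch {
        Write-Output "$Server does not exist"
        exit 1
    }

    # The same names are handed to -PrincipalsAllowedToRetrieveManagedPassword
    # below, so the script insists on the trailing '$' form.
    if (-not $Server.EndsWith('$')) {
        Write-Output "`r`nPlease append a dollar sign `$ to each server name."
        exit 1
    }
}

# Get KDS Root Key
# $null is placed on the left: with a collection on the left, -eq filters the
# collection instead of returning a single boolean.
$KdsRootKey = Get-KdsRootKey
if ($null -eq $KdsRootKey) {
    # Backdating EffectiveTime by 10 hours makes the new key usable right away.
    # It also skips the waiting period that gives the key time to replicate to
    # the other Domain Controllers, so this suits a single-DC or lab domain.
    # NOTE(review): in a multi-DC domain, create the key without backdating and
    # wait for replication before creating the account.
    Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
}

# NOTE(review): 'rsat' installs the whole Remote Server Administration Tools
# feature, which is broader than the AD cmdlets this script calls, and it runs
# after Get-ADComputer has already been used above. Confirm it is still needed.
Install-WindowsFeature rsat

# Decide between update and create from the lookup alone. The lookup has its own
# try/catch so that a failure in Set-ADServiceAccount is reported as such and
# does not fall through to New-ADServiceAccount on an account that exists.
# Test-ADServiceAccount is deliberately not the gate: it reports whether the
# local computer can use the account, which is false on a Domain Controller
# that is not in the allowed-principals list even though the account exists.
$ServiceAccount = $null
try {
    $ServiceAccount = Get-ADServiceAccount -Identity $ServiceAccountName -ErrorAction Stop
}
catch {
    # Only "identity not found" means "create it"; any other failure
    # (permissions, connectivity) is re-thrown instead of being masked.
    if ($_.Exception.GetType().Name -ne 'ADIdentityNotFoundException') {
        throw
    }
}

if ($null -ne $ServiceAccount) {
    # Set- replaces the allowed-principals list with $ServerList; principals
    # that were allowed before and are not in $ServerList lose access.
    Set-ADServiceAccount -Identity $ServiceAccountName -DNSHostName $DNSHostName -PrincipalsAllowedToRetrieveManagedPassword $ServerList
}
else {
    New-ADServiceAccount -Name $ServiceAccountName -DNSHostName $DNSHostName -PrincipalsAllowedToRetrieveManagedPassword $ServerList
}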