Share tips from the IT field
Microsoft training
Photo by Jonathon Young / Unsplash
Enable PAM (Privileged Access Management) in Active Directory
— 1 min read

Enable PAM (Privileged Access Management) in Active Directory

Bastien Perez
Follow
bastien-perez

This feature requires DCs and a forest functional level 2016. Once this feature has been activated, it cannot be deactivated.

To activate :

Enable-ADOptionalFeature "Privileged Access Management Feature" -Scope ForestOrConfigurationSet -Target tondomaine.com

Activation causes the following changes in AD:

  • The attribute msDS-EnabledFeature of each NTDS Sttings objects has the value CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com
  • The object CN=Partitions,CN=Configuration,DC=ad,DC=itprotips,DC=com contains the attribute msDS-EnabledFeature with CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com
  • The objectCN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ad,DC=itprotips,DC=com contains the backlink msDS-EnabledFeatureBL.
Active Directory
Previous Post Creating dynamic AD objects
Next Post Add an object temporarily to an AD group

Comments

banner-Bastien Perez
Bastien Perez's avatar
Follow

Freelance Microsoft 365 - Active Directory - Modern Workplace

France