This feature requires DCs and a forest functional level 2016. Once this feature has been activated, it cannot be deactivated.

To activate :

Enable-ADOptionalFeature "Privileged Access Management Feature" -Scope ForestOrConfigurationSet -Target tondomaine.com

Activation causes the following changes in AD:

  • The attribute msDS-EnabledFeature of each NTDS Sttings objects has the value CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com
  • The object CN=Partitions,CN=Configuration,DC=ad,DC=itprotips,DC=com contains the attribute msDS-EnabledFeature with CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com
  • The objectCN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ad,DC=itprotips,DC=com contains the backlink msDS-EnabledFeatureBL.
Active Directory
Previous Post Creating dynamic AD objects
Next Post Add an object temporarily to an AD group

Comments

banner-Bastien Perez
Bastien Perez's avatar

Freelance Microsoft 365 - Active Directory - Modern Workplace

France