Enable PAM (Privileged Access Management) in Active Directory

Published on 26 Sep 2023

Bastien Perez

This feature requires DCs and a forest functional level of 2016. Once the feature has been activated, it cannot be deactivated.

To activate:

Enable-ADOptionalFeature "Privileged Access Management Feature" -Scope ForestOrConfigurationSet -Target tondomaine.com

Activation causes the following changes in AD:

  • The attribute msDS-EnabledFeature of each NTDS Settings object has the value CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com
  • The object CN=Partitions,CN=Configuration,DC=ad,DC=itprotips,DC=com contains the attribute msDS-EnabledFeature with CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com
  • The object CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ad,DC=itprotips,DC=com contains the backlink msDS-EnabledFeatureBL.
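
Because activation is irreversible, it is worth checking the forest before running the command and confirming the three directory changes afterwards. The script below is an added example, not part of the original post; it is read-only and assumes the ActiveDirectory PowerShell module (RSAT) and read access to the Configuration partition.

```powershell
# Added example: read-only pre-flight and post-activation checks for the PAM feature.
Import-Module ActiveDirectory

$featureName = 'Privileged Access Management Feature'
$configNC    = (Get-ADRootDSE).configurationNamingContext
$forest      = Get-ADForest
$feature     = Get-ADOptionalFeature -Identity $featureName
$featureDN   = $feature.DistinguishedName

# Pre-flight: compare the current forest functional level with the level
# the feature object itself declares as required.
$preflight = [pscustomobject]@{
    Forest             = $forest.Name
    ForestMode         = $forest.ForestMode
    RequiredForestMode = $feature.RequiredForestMode
    MeetsRequirement   = [int]$forest.ForestMode -ge [int]$feature.RequiredForestMode
    AlreadyEnabled     = [bool]$feature.EnabledScopes
}
$preflight | Format-List

if (-not $preflight.AlreadyEnabled) {
    Write-Host 'PAM feature is not enabled; post-activation checks skipped.'
    return
}

# Check 1: CN=Partitions lists the feature in msDS-EnabledFeature.
$partitions   = Get-ADObject -Identity "CN=Partitions,$configNC" -Properties 'msDS-EnabledFeature'
$onPartitions = $partitions.'msDS-EnabledFeature' -contains $featureDN

# Check 2: every NTDS Settings object (objectClass nTDSDSA, one per writable DC)
# carries the same value. Any DC listed here has not picked up the change yet.
$ntds = Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter '(objectClass=nTDSDSA)' `
            -Properties 'msDS-EnabledFeature'
$ntdsMissing = @($ntds | Where-Object { $_.'msDS-EnabledFeature' -notcontains $featureDN })

# Check 3: the feature object exposes the backlink msDS-EnabledFeatureBL.
$backlinks = @((Get-ADObject -Identity $featureDN -Properties 'msDS-EnabledFeatureBL').'msDS-EnabledFeatureBL')

[pscustomobject]@{
    EnabledOnPartitions    = $onPartitions
    NtdsSettingsTotal      = @($ntds).Count
    NtdsSettingsMissing    = $ntdsMissing.Count
    MissingOnDCs           = $ntdsMissing.DistinguishedName -join '; '
    BacklinkCount          = $backlinks.Count
} | Format-List
```

A non-zero NtdsSettingsMissing shortly after activation usually means replication of the Configuration partition has not finished on those domain controllers.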
