Enable PAM (Privileged Access Management) in Active Directory

Bastien Perez

This feature requires DCs and a forest functional level of 2016. Once the feature has been activated, it cannot be deactivated.

To activate:

Enable-ADOptionalFeature "Privileged Access Management Feature" -Scope ForestOrConfigurationSet -Target tondomaine.com

Activation causes the following changes in AD:

  • The attribute msDS-EnabledFeature of each NTDS Settings object has the value CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com
  • The object CN=Partitions,CN=Configuration,DC=ad,DC=itprotips,DC=com contains the attribute msDS-EnabledFeature with the value CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain,DC=com
  • The object CN=Privileged Access Management Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ad,DC=itprotips,DC=com contains the backlink msDS-EnabledFeatureBL.
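
Because activation is one-way, it helps to check the prerequisite first and to confirm the three changes listed above afterwards. The following read-only script is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) and an account that can read the Configuration partition, and its variable names are illustrative.

```powershell
# Added example: read-only pre-check and post-check for the PAM optional feature.
Import-Module ActiveDirectory

$featureName = 'Privileged Access Management Feature'
$forest   = Get-ADForest
$configNC = (Get-ADRootDSE).configurationNamingContext
$feature  = Get-ADOptionalFeature -Identity $featureName
$featDN   = $feature.DistinguishedName

# Prerequisite: the forest functional level must meet the feature's requirement.
if ($forest.ForestMode -lt $feature.RequiredForestMode) {
    throw "Forest mode $($forest.ForestMode) is below required $($feature.RequiredForestMode)."
}
"Forest mode     : $($forest.ForestMode)"
# IsDisableable is False for optional features that cannot be turned off again.
"Can be disabled : $($feature.IsDisableable)"

if (-not $feature.EnabledScopes) {
    # Not enabled yet: show the command from this page with -WhatIf (no change is made).
    "Not enabled. To preview the change, run:"
    "  Enable-ADOptionalFeature '$featureName' -Scope ForestOrConfigurationSet -Target $($forest.RootDomain) -WhatIf"
}
else {
    # 1. msDS-EnabledFeature on every NTDS Settings object (one per DC)
    $ntds = Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter '(objectClass=nTDSDSA)' `
                -Properties 'msDS-EnabledFeature'
    $missing = @($ntds | Where-Object { $_.'msDS-EnabledFeature' -notcontains $featDN })

    # 2. msDS-EnabledFeature on the Partitions container
    $partitions = Get-ADObject -Identity "CN=Partitions,$configNC" -Properties 'msDS-EnabledFeature'
    $onPartitions = $partitions.'msDS-EnabledFeature' -contains $featDN

    # 3. Back-link on the feature object itself
    $backLinks = (Get-ADObject -Identity $featDN -Properties 'msDS-EnabledFeatureBL').'msDS-EnabledFeatureBL'

    [pscustomobject]@{
        NtdsSettingsTotal      = @($ntds).Count
        NtdsSettingsMissing    = $missing.Count       # DCs that have not picked up the feature yet
        PartitionsHasFeature   = $onPartitions
        BackLinkCount          = @($backLinks).Count
    }
    # List any DC objects still missing the value (for example, replication not finished).
    $missing | Select-Object -ExpandProperty DistinguishedName
}
```

A non-zero NtdsSettingsMissing right after activation usually means Configuration partition replication has not completed on those domain controllers.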
Bastien Perez

Freelance Microsoft 365 - Active Directory - Modern Workplace