New-PAMGroup

Creates a representation of a security group in the MIM Service and a foreign principal group in Active Directory.

Syntax

New-PAMGroup
   [-SourceGroupName] <String>
   [-SourceDomain] <String>
   [[-Credentials] <PSCredential>]
   [[-SourceDC] <String>]
   [-PrivOnly]
   [[-Container] <String>]
   [[-Session] <PAMSession>]
   [<CommonParameters>]

Description

The New-PAMGroup cmdlet creates a representation of a group in the Microsoft Identity Manager (MIM) Service. Also, unless the PrivOnly parameter is specified, the New-PAMGroup cmdlet creates a foreign principal group in the Privileged Access Management (PAM) domain that has the same security identifier as an existing source security group.

Examples

Example 1: Create a new foreign principal group in the Active Directory forest PAM domain

PS C:\> $PAMGroup = New-PAMGroup -SourceGroupName "CorpAdmins" -SourceDomain "CORP" -SourceDC "CORPDC" -Credentials $Cred -CloneSIDHistory 1

This command creates a new foreign principal group in the Active Directory forest privileged access management (PAM) domain. The security ID (SID) of the group will be copied from the group CorpAdmins in the domain CORP. The SIDHistory mechanism will be used to copy the SID from the originating Windows Server CORPDC. The credentials in the variable $Cred, obtained from a previous call to Get-Credential, will be used to authenticate to CORPDC. The returned data structure can be used as an argument to the New-PAMRole cmdlet.

Example 2: Create a representation in the MIM Service for a security group which already exists in the PAM domain

PS C:\> $PAMGroup = New-PAMGroup -PrivOnly -SourceDomain "priv.contoso.local" -SourceGroupName "Domain Admins"

Because the PrivOnly parameter is specified, this command creates a representation in the MIM Service for a security group that already exists in the PAM domain. The value of the SourceDomain parameter must be the same as the PAM domain name.
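
A check an operator can run after Example 1 to confirm the result, added here as an example and not part of the original documentation: it compares the source group's SID with the SID and sIDHistory of the group in the PAM domain and reports any extra sIDHistory values. It uses Get-ADGroup from the ActiveDirectory module; the function name Test-PAMGroupSid, the PAM-side group name CORP.CorpAdmins and the domain controller name PRIVDC are assumptions.

```powershell
# Added example, not from the original page. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Test-PAMGroupSid {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SourceGroupName,
        [Parameter(Mandatory)] [string] $SourceDC,
        [Parameter(Mandatory)] [string] $PrivGroupName,   # assumed name of the PAM-side group
        [Parameter(Mandatory)] [string] $PrivDC,          # assumed PAM domain controller
        [pscredential] $Credential
    )

    # Read the source group's SID from the source domain controller.
    $srcArgs = @{ Identity = $SourceGroupName; Server = $SourceDC }
    if ($Credential) { $srcArgs['Credential'] = $Credential }
    $source = Get-ADGroup @srcArgs
    $sourceSid = $source.SID.Value

    # Read the PAM-side group together with its sIDHistory values.
    $priv = Get-ADGroup -Identity $PrivGroupName -Server $PrivDC -Properties SIDHistory
    $history = @($priv.SIDHistory | Where-Object { $_ } | ForEach-Object { $_.Value })

    [pscustomobject]@{
        SourceGroup    = $source.DistinguishedName
        SourceSid      = $sourceSid
        PrivGroup      = $priv.DistinguishedName
        PrivSid        = $priv.SID.Value
        # True when the PAM-side group carries the source SID, directly or through sIDHistory.
        CarriesSource  = ($priv.SID.Value -eq $sourceSid) -or ($history -contains $sourceSid)
        # Any other sIDHistory value grants access nobody requested; expect this to be empty.
        UnexpectedSids = @($history | Where-Object { $_ -ne $sourceSid })
    }
}

# Usage with the names from Example 1; 'CORP.CorpAdmins' and 'PRIVDC' are placeholders,
# and $Cred is the credential variable used in Example 1.
$result = Test-PAMGroupSid -SourceGroupName 'CorpAdmins' -SourceDC 'CORPDC' `
    -PrivGroupName 'CORP.CorpAdmins' -PrivDC 'PRIVDC' -Credential $Cred
if (-not $result.CarriesSource -or $result.UnexpectedSids.Count -gt 0) {
    Write-Warning "PAM group SID check failed: $($result | ConvertTo-Json -Compress)"
}
$result
```

Run it from a host that can reach both domain controllers, and keep the output with the change record for the group.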

Required Parameters

-SourceDomain

Specifies the NetBIOS name of the domain in which the existing group is located.

Type: String
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SourceGroupName

Specifies the account name of the security group in the source domain.

Type: String
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Container

Specifies an alternate container in the PAM domain in which to create the group.

Type: String
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Credentials

Specifies the credentials to authenticate as an administrator to the domain where the source group is located.

Type: PSCredential
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PrivOnly

Indicates the group already exists in the PAM domain, but not in MIM, and is not based on any existing group in a separate existing forest.

Type: SwitchParameter
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Session

Specifies a session with the PAM domain and MIM Service.

Type: PAMSession
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SourceDC

Specifies the NetBIOS name of the Windows Server with the Active Directory Domain Services role in the source domain.

Type: String
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Outputs

Microsoft.IdentityManagement.PamCmdlets.Model.PAMGroup