New-PAMUser

Creates a PAM user in the MIM Service and also a new user in the PAM Active Directory domain corresponding to an existing user in a source domain.

Syntax

New-PAMUser
   [-SourceDomain] <String>
   [-SourceAccountName] <String>
   [[-PrivAccountName] <String>]
   [[-PrivPassword] <SecureString>]
   [[-Credentials] <PSCredential>]
   [-PrivOnly]
   [[-Container] <String>]
   [[-Session] <PAMSession>]
   [<CommonParameters>]

Description

The New-PAMUser cmdlet creates a Privileged Access Management (PAM) user in the Microsoft Identity Manager (MIM) Service. This user can then become a candidate assigned to one or more PAM Roles.

Examples

Example 1: Create a user in the PAM domain corresponding to an existing user in a domain

PS C:\> New-PAMUser -SourceDomain "CONTOSO.LOCAL" -SourceAccountName "PFuller"

This command creates a user in the PAM domain corresponding to an existing user PFuller in the CONTOSO.LOCAL domain. You can use the return value as an argument to the Candidates parameter of the New-PAMRole cmdlet.

Example 2: Create a user on a single domain based on an existing user

PS C:\> New-PAMUser -PrivOnly -SourceDomain "PRIV.CONTOSO.LOCAL" -SourceAccountName "PF Admin"

This command assumes that a user exists in the PAM domain, PRIV.CONTOSO.LOCAL, but does not exist in any other domain. Because the -PrivOnly parameter is specified, the user record is created only in the MIM Service. The return value can be used as an argument to the Candidates parameter of the New-PAMRole cmdlet, particularly if the Privileges parameter of that cmdlet contains one or more group objects returned by New-PAMGroup with the PrivOnly parameter.
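The examples above do not use -PrivPassword or -Credentials. The following is an added example, not part of the original reference: it creates PAM users for several source accounts and supplies each initial password as a SecureString read at a prompt, so no plaintext password appears in the script or command history. The helper name New-PamUserFromSource and the account JSmith are hypothetical; the MIMPAM module is assumed to be installed.

```powershell
# Added illustration; account and domain names are constructed sample values.
Import-Module MIMPAM

function New-PamUserFromSource {   # hypothetical helper, not part of MIMPAM
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $SourceDomain,
        [Parameter(Mandatory)] [string[]]     $SourceAccountName,
        [Parameter(Mandatory)] [pscredential] $SourceCredential
    )
    foreach ($name in $SourceAccountName) {
        # Prompt per account so each PAM account gets its own initial password,
        # held only as a SecureString (no plaintext literal in the script).
        $initial = Read-Host -Prompt "Initial PAM password for $name" -AsSecureString
        if ($initial.Length -eq 0) {
            Write-Warning "Skipping ${name}: empty password entered."
            continue
        }
        $params = @{
            SourceDomain      = $SourceDomain
            SourceAccountName = $name
            PrivPassword      = $initial
            Credentials       = $SourceCredential
            ErrorAction       = 'Stop'   # make cmdlet errors catchable
        }
        try {
            New-PAMUser @params          # emits the PAMUser object to the pipeline
        }
        catch {
            Write-Warning "New-PAMUser failed for ${SourceDomain}\${name}: $($_.Exception.Message)"
        }
        finally {
            $initial.Dispose()           # release the SecureString buffer
        }
    }
}

# Credentials used to authenticate to the source domain (prompted, not stored).
$cred     = Get-Credential -Message 'Account that can read users in the source domain'
$pamUsers = New-PamUserFromSource -SourceDomain 'CONTOSO.LOCAL' `
                -SourceAccountName 'PFuller', 'JSmith' -SourceCredential $cred
```

The objects collected in $pamUsers can be passed to the Candidates parameter of New-PAMRole, as described for Example 1.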

Required Parameters

-SourceAccountName

Specifies the account name of the user in the source domain.

Type: String
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SourceDomain

Specifies the NetBIOS name of the domain in which the existing user is located.

Type: String
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Container

Specifies an alternate container in which to create the user in the PAM domain.

Type: String
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Credentials

Specifies credentials to authenticate to the domain where the existing user is located.

Type: PSCredential
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PrivAccountName

Specifies the privileged account name. If you don't specify a privileged account name, this cmdlet automatically generates one from the configuration parameters and the source account name.

Type: String
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PrivOnly

Indicates that the user already exists in the PAM domain, so the cmdlet does not create a new user in that domain.

Type: SwitchParameter
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PrivPassword

Specifies the initial password for the new Active Directory user in the PAM domain.

Type: SecureString
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Session

Specifies a session with the PAM domain and MIM Service.

Type: PAMSession
Position: 8
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Outputs

Microsoft.IdentityManagement.PamCmdlets.Model.PAMUser