Set-PAMConfiguration

Updates PAM scenario configuration settings in the MIM Service.

Syntax

Set-PAMConfiguration
   [[-PrivUserPrefix] <String>]
   [[-RoleMinimalDuration] <TimeSpan>]
   [[-RoleMaximalDuration] <TimeSpan>]
   [[-ForestFunctionality] <ForestFunctionality>]
   [-DefaultADContainer <String>]
   [-RequestExpirationInDays <Int32>]
   [-RoleDefaultDuration <TimeSpan>]
   [-UserAdminPasswordLength <Int32>]
   [<CommonParameters>]

Description

The Set-PAMConfiguration cmdlet updates Privileged Access Management (PAM) scenario configuration settings in the Microsoft Identity Manager (MIM) Service. These settings take effect for any subsequent New-PAMGroup, New-PAMUser, or New-PAMRole calls.

Examples

Example 1: Change the default and maximum role duration

PS C:\> Set-PAMConfiguration -RoleMaximalDuration (New-TimeSpan -Days 7) -RoleDefaultDuration (New-TimeSpan -Days 1)

This command changes two parameters of the PAM configuration in the MIM Service.

Optional Parameters

-DefaultADContainer

Specifies the location in the PAM domain for new user and group objects to be created by New-PAMGroup and New-PAMUser.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ForestFunctionality

Specifies the Windows Server Active Directory function level of the PAM domain.

Type:ForestFunctionality
Position:5
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PrivUserPrefix

Specifies the string prefix when user names are created.

Type:String
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RequestExpirationInDays

Specifies the minimum number of days before a PAM request is deleted.

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RoleDefaultDuration

Specifies the default duration if the time to live (TTL) parameter is not specified to New-PAMRole.

Type:TimeSpan
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RoleMaximalDuration

Specifies the duration limit for new PAM roles.

Type:TimeSpan
Position:3
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-RoleMinimalDuration

Specifies the duration limit for new PAM roles.

Type:TimeSpan
Position:2
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UserAdminPasswordLength

Specifies the number of characters in passwords generated by New-PAMUser.

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Outputs

Microsoft.IdentityManagement.PamCmdlets.Model.PAMConfiguration