MIM PAM elevated user cannot access Active Directory sites and policies....

Abdelrahman khalil 170 Reputation points
2023-06-14T13:38:53.1966667+00:00

Hello Guys,

I've deployed a PAM solution as follows: created a new bastion forest, defined roles, PRIV users and candidates, and a working sample PAM web portal. PRIV users can get access to the roles and log into their machines once they have the roles. However, my issue is that when a user takes the shadow principal and becomes a member of Schema Admins, Domain Admins and Enterprise Admins, the user cannot access any of the Group Policies or trusts, and could only access the AD sites and users.

Also, when trying to open the file share server and change to the PRIV domain to add users from it, so that they can access the share on the source forest, it won't let me select the PRIV users or find them, like I did per the guide when delegating the PAM service accounts to the source AD.

Any help!

Microsoft Security | Microsoft Identity Manager