New-PAMGroup
Creates a representation of a security group in MIM Service and a foreign principal group in the PAM domain.
Syntax
New-PAMGroup
[-SourceGroupName] <String>
[-SourceDomain] <String>
[[-Credentials] <PSCredential>]
[[-SourceDC] <String>]
[-PrivOnly]
[[-Container] <String>]
[[-Session] <PAMSession>]
[<CommonParameters>]Description
The New-PAMGroup cmdlet creates a representation of a group in the MIM Service. Also, unless the PrivOnly parameter is specified, the New-PAMGroup cmdlet creates a foreign principal group in the privileged access management (PAM) domain, which has the same security identifier as an existing source security group.
Examples
EXAMPLE 1
$pg = New-PAMGroup -SourceGroupName "CorpAdmins" -SourceDomain CORP -SourceDC CORPDC -Credentials $cc -CloneSIDHistory 1This command creates a new foreign principal group in the Active Directory forest privileged access management (PAM) domain. The SID of the group will be copied from the group CorpAdmins in the domain CORP. The SIDHistory mechanism will be used to copy the SID from the originating Windows Server CORPDC. The credentials in the variable $cc, obtained from a previous call to get-credential, will be used to authenticate to the CORPDC. The returned data structure can be used as an argument to the New-PAMRole cmdlet.
EXAMPLE 2
$pg = New-PAMGroup -PrivOnly -SourceDomain priv.contoso.local -SourceGroupName "File Admins"When the PrivOnly parameter is specified, this command creates a representation in the MIM Service for a security group which already exists in the PAM domain. The value of the SourceDomain parameter must be the same as the PAM domain name.
Parameters
-Container
Container in the PAM domain where the foreign principal group is to be created.
| Type: | String |
| Position: | 6 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Credentials
Credentials to authenticate as an administrator to the domain where the source group is located.
| Type: | PSCredential |
| Position: | 3 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PrivOnly
Flag that indicates the group already exists in the PAM domain, but not in MIM, and is not based on any existing group in a separate existing forest.
| Type: | SwitchParameter |
| Position: | 5 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Session
Session with the PAM domain and MIM Service.
| Type: | PAMSession |
| Position: | 7 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SourceDC
NetBIOS name of the Windows Server with the Active Directory Domain Services role in the source domain.
| Type: | String |
| Position: | 4 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SourceDomain
NetBIOS name of the domain in which the existing group is located.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SourceGroupName
Account name of the security group in the source domain.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Outputs
Microsoft.IdentityManagement.PamCmdlets.Model.PAMGroup
One PAMGroup object representing the group created in the MIM Service and AD.