Share via


New-PAMGroup

Creates a representation of a security group in MIM Service and a foreign principal group in the PAM domain.

Syntax

Default (Default)

New-PAMGroup
    [-SourceGroupName] <String>
    [-SourceDomain] <String>
    [[-Credentials] <PSCredential>]
    [[-SourceDC] <String>]
    [-PrivOnly]
    [[-Container] <String>]
    [[-Session] <PAMSession>]
    [<CommonParameters>]

Description

The New-PAMGroup cmdlet creates a representation of a group in the MIM Service. Also, unless the PrivOnly parameter is specified, the New-PAMGroup cmdlet creates a foreign principal group in the privileged access management (PAM) domain, which has the same security identifier as an existing source security group.

Examples

EXAMPLE 1

$pg = New-PAMGroup -SourceGroupName "CorpAdmins" -SourceDomain CORP  -SourceDC CORPDC -Credentials $cc -CloneSIDHistory 1

This command creates a new foreign principal group in the Active Directory forest privileged access management (PAM) domain. The SID of the group will be copied from the group CorpAdmins in the domain CORP. The SIDHistory mechanism will be used to copy the SID from the originating Windows Server CORPDC. The credentials in the variable $cc, obtained from a previous call to get-credential, will be used to authenticate to the CORPDC. The returned data structure can be used as an argument to the New-PAMRole cmdlet.

EXAMPLE 2

$pg = New-PAMGroup -PrivOnly -SourceDomain priv.contoso.local -SourceGroupName "File Admins"

When the PrivOnly parameter is specified, this command creates a representation in the MIM Service for a security group which already exists in the PAM domain. The value of the SourceDomain parameter must be the same as the PAM domain name.

Parameters

-Container

Container in the PAM domain where the foreign principal group is to be created.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:6
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Credentials

Credentials to authenticate as an administrator to the domain where the source group is located.

Parameter properties

Type:PSCredential
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:3
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-PrivOnly

Flag that indicates the group already exists in the PAM domain, but not in MIM, and is not based on any existing group in a separate existing forest.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:5
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Session

Session with the PAM domain and MIM Service.

Parameter properties

Type:PAMSession
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:7
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SourceDC

NetBIOS name of the Windows Server with the Active Directory Domain Services role in the source domain.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:4
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SourceDomain

NetBIOS name of the domain in which the existing group is located.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:2
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SourceGroupName

Account name of the security group in the source domain.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:1
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Outputs

Microsoft.IdentityManagement.PamCmdlets.Model.PAMGroup

One PAMGroup object representing the group created in the MIM Service and AD.