New-PAMUser
Creates a user in the MIM Service and the PAM domain.
Syntax
New-PAMUser
[-SourceDomain] <String>
[-SourceAccountName] <String>
[[-PrivAccountName] <String>]
[[-PrivPassword] <SecureString>]
[[-Credentials] <PSCredential>]
[-PrivOnly]
[[-Container] <String>]
[[-Session] <PAMSession>]
[<CommonParameters>]
Description
The New-PAMUser cmdlet creates a new PAM user in the MIM Service. This user can then become a candidate assigned to one or more PAM roles.
Examples
EXAMPLE 1
$sj = New-PAMUser -SourceDomain CONTOSO.local -SourceAccountName Jen
Description
This command creates a new user in the privileged access management domain corresponding to an existing user Jen in the CONTOSO.LOCAL domain. The return value can be used as an argument to the Candidates parameter of the New-PAMRole cmdlet.
EXAMPLE 2
$u = New-PAMUser -PrivOnly -SourceDomain priv.contoso.local -SourceAccountName "Jen Admin"
Description
This command assumes a user exists in the PAM domain priv.contoso.local but does not exist in any other domain. As the -PrivOnly flag is specified, the user record is created only in the MIM Service. The return value can be used as an argument to the Candidates parameter of the New-PAMRole cmdlet, particularly if the Privileges parameter of that cmdlet contains one or more group objects returned by New-PAMGroup with the -PrivOnly flag.
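The following added example is not part of the original reference page. It combines the -Credentials, -PrivPassword and -Container parameters documented below, prompting for both secrets so that neither is stored in the script or in command history. The MIMPAM module name, the OU distinguished name and the prompt texts are assumptions for illustration.

```powershell
# Added example, not from the original page.
# Assumptions: module name MIMPAM, the OU path below, and the prompt wording.
Import-Module MIMPAM

# Credentials for the source domain, where the existing account "Jen" lives.
$sourceCred = Get-Credential -Message 'Account that can read users in the source domain'

# Initial password for the new AD user in the PAM domain, read as a SecureString
# so no plaintext literal is needed in the script.
$privPassword = Read-Host -AsSecureString -Prompt 'Initial password for the PAM-domain account'

$params = @{
    SourceDomain      = 'CONTOSO.local'   # value taken from Example 1
    SourceAccountName = 'Jen'
    Credentials       = $sourceCred
    PrivPassword      = $privPassword
    # Constructed OU path: container in the PAM domain for the new user object.
    Container         = 'OU=PAM Users,DC=priv,DC=contoso,DC=local'
    ErrorAction       = 'Stop'            # turn failures into terminating errors
}

try {
    $pamUser = New-PAMUser @params
}
catch {
    Write-Error "New-PAMUser failed for $($params.SourceAccountName): $($_.Exception.Message)"
    throw
}

# Fail loudly rather than pass an empty value on as a role candidate.
if ($null -eq $pamUser) {
    throw 'New-PAMUser returned no object.'
}

# $pamUser can now be supplied to the Candidates parameter of New-PAMRole.
$pamUser
```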
Parameters
-Container
Container in the PAM domain where the user object is to be created.
Type: String
Position: 7
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Credentials
Credentials to authenticate to the source domain where the existing user account is located.
Type: PSCredential
Position: 5
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-PrivAccountName
If this parameter is absent, the account name is automatically generated from the configuration parameters and the source account name.
Type: String
Position: 3
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-PrivOnly
If set, indicates that the user already exists in the PAM domain, so no new user is created in that domain.
Type: SwitchParameter
Position: 6
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-PrivPassword
Initial password for the new AD user in the PAM domain.
Type: SecureString
Position: 4
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Session
Session with the PAM domain and MIM Service.
Type: PAMSession
Position: 8
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-SourceAccountName
Account name of the user in the source domain.
Type: String
Position: 2
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-SourceDomain
NetBIOS name of the domain in which the existing user account is located.
Type: String
Position: 1
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
Outputs
Microsoft.IdentityManagement.PamCmdlets.Model.PAMUser
One object representing the user created in the MIM Service and AD.