Kenan Bülbül | System and Network

In this article we will review the Temporary Group Membership released with Windows Server 2016.

Sometime we need to add a user to group/groups as temporary. After that process we may forget to remove or need to remove as manually. The great feature released with Windows Server 2016 “Privileged Access Management” we can manage that automatically.

Scenario : We will add an user to a group for 5 min.

There is a domain named and server name DC showing next figure.


First of all we need to add that features to Server. For that we have one way and this is Powershell.

Here is the necessary powershell line :

Enable-AdOptionalFeature -Identity “Privileged Access Management Feature” -Scope ForestOrConfigurationSet -Target “”


We enabled the PAM feature with that powershell line.

We can check status of this feature with powershell line.

Get-ADOptionalFeature -Filter {Name -like “Privileged*”}


Well. Everything seems perfect.

Now we will add an user to a group as temporary.

Here is the Powershell line :

Add-ADGroupMember -Identity “ColoredPrinter” -Members “jack” -MemberTimeToLive (New-TimeSpan -Minutes 5)


I am confirm the process done :


Also you can review the status of time on the member properties :


You see the TTL value as second.

When the time is expired the member will remove automatically.

I used the time properties as minute but you can use as days, Hours, seconds.


[-Days < Int32>]

[-Hours < Int32>]

[-Minutes < Int32>]

[-Seconds < Int32>]


Hope it will help to you. I so liked that feature and its usefull for me.

Have a good servers!