In this article we will review Temporary Group Membership, a feature released with Windows Server 2016.

Sometimes we need to add a user to one or more groups temporarily. Afterwards we may forget to remove the user, or we have to remove the user manually. With "Privileged Access Management", a great feature released with Windows Server 2016, we can manage that automatically.

Scenario: We will add a user to a group for 5 minutes.

There is a domain named kenanbulbul.com and a server named DC, as shown in the next figure.

[Figure: privileged_access_management_1]

First of all we need to enable that feature on the server. There is only one way to do that, and it is PowerShell.

Here is the necessary PowerShell line:

Enable-ADOptionalFeature -Identity "Privileged Access Management Feature" -Scope ForestOrConfigurationSet -Target "kenanbulbul.com"

[Figure: privileged_access_management_2]

We enabled the PAM feature with that PowerShell line.

We can check the status of this feature with the following PowerShell line:

Get-ADOptionalFeature -Filter {Name -like "Privileged*"}

[Figure: privileged_access_management_3]

Well. Everything seems perfect.

Now we will add a user to a group temporarily.

Here is the PowerShell line:

Add-ADGroupMember -Identity "ColoredPrinter" -Members "jack" -MemberTimeToLive (New-TimeSpan -Minutes 5)

[Figure: privileged_access_management_4]

I confirm that the process is done:

[Figure: privileged_access_management_5]

You can also review the remaining time in the member properties:

[Figure: privileged_access_management_6]

You can see the TTL value in seconds.

When the time expires, the member will be removed automatically.
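The whole procedure, plus a check of the remaining TTL from the command line, as an added example that is not part of the original article. It assumes the ActiveDirectory module is available; the function name Get-TemporaryGroupMember is hypothetical, while the group and user names are the ones from the scenario above.

```powershell
# Added example (not from the original article). Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Scenario values from the article.
$Group = 'ColoredPrinter'
$User  = 'jack'
$Ttl   = New-TimeSpan -Minutes 5

# Pre-flight: -MemberTimeToLive only works once the PAM optional feature is enabled.
# EnabledScopes is empty while the feature is still disabled.
# Note: enabling it requires the Windows Server 2016 forest functional level
# and cannot be undone afterwards.
$pam = Get-ADOptionalFeature -Filter "Name -like 'Privileged*'"
if (-not $pam.EnabledScopes) {
    throw 'Privileged Access Management Feature is not enabled in this forest.'
}

# Grant the time-bound membership.
Add-ADGroupMember -Identity $Group -Members $User -MemberTimeToLive $Ttl

# Hypothetical helper. With -ShowMemberTimeToLive, temporary members come back as
# "<TTL=seconds>,<DN>"; permanent members come back as a plain DN and are skipped here.
function Get-TemporaryGroupMember {
    param([Parameter(Mandatory)][string]$Identity)

    $g = Get-ADGroup -Identity $Identity -Properties member -ShowMemberTimeToLive
    foreach ($m in $g.member) {
        if ($m -match '^<TTL=(\d+)>,(.+)$') {
            $seconds = [int]$Matches[1]
            [pscustomobject]@{
                Group      = $g.Name
                Member     = $Matches[2]
                TtlSeconds = $seconds
                ExpiresAt  = (Get-Date).AddSeconds($seconds)
            }
        }
    }
}

# Audit one group, then every group in the domain.
Get-TemporaryGroupMember -Identity $Group | Format-Table -AutoSize
Get-ADGroup -Filter * |
    ForEach-Object { Get-TemporaryGroupMember -Identity $_.DistinguishedName } |
    Sort-Object TtlSeconds | Format-Table -AutoSize
```

The domain-wide sweep reads every group, so on a large directory it is better run on a schedule than interactively.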

I specified the time in minutes, but you can also use days, hours or seconds.

New-TimeSpan
    [-Days <Int32>]
    [-Hours <Int32>]
    [-Minutes <Int32>]
    [-Seconds <Int32>]

Hope it will help you. I really liked that feature and it's useful for me.

Have good servers!