Use PowerShell - Add users to groups and automatically remove them after a specific time period
- Published 9 Sep 2024
1. Prepare
- DC1 : Domain Controller(Yi.vn)
2. Step by step : Enable the Privileged Access Management feature (EnabledScopes) and add users to groups and automatically remove them after a specific time period
- Server Manager - Tools - Active Directory Users and Computers - Check group GIT
- Server Manager - Tools - Active Directory Module for Windows PowerShell :
+ (Get-ADForest).ForestMode # Make sure your AD forest is running at the Windows Server 2016 forest functional level (or higher)
+ Get-ADOptionalFeature -filter "name -eq 'privileged access management feature'" # Check if the Privileged Access Management feature is enabled in the current forest (EnabledScopes is empty if it is not)
+ Enable-ADOptionalFeature 'Privileged Access Management Feature' -Scope ForestOrConfigurationSet -Target Yi.vn # Enable the feature (populates EnabledScopes); once enabled it cannot be disabled
+ Get-ADOptionalFeature -filter "name -eq 'privileged access management feature'" # Check again
+ $ttl = New-TimeSpan -Minutes 1 # Test 1 minute (you can set -Hours, -Days )
+ Add-ADGroupMember -Identity GIT -Members HiepHR -MemberTimeToLive $ttl # Add HiepHR to GIT for 1 minute
+ Get-ADGroup GIT -Property member -ShowMemberTimeToLive # Check how much time a user will be a group member
- Active Directory Users and Computers - Check group GIT - HiepHR is member of GIT
- Wait for 1 minute - Active Directory Users and Computers - Check group GIT - HiepHR has been removed from GIT - Ok
---------------------------------------------------******************** / microsoftlab ********************----------------------------------------------
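For auditing who currently holds time-bound membership, the `member` values returned by the `-ShowMemberTimeToLive` check above can be parsed into remaining time and expiry. This is an added example, not part of the original description: the function name `Get-TemporaryMember` is hypothetical and the sample DNs are constructed from the page's names (GIT, HiepHR, Yi.vn).

```powershell
# Added example, not from the original page.
# Get-TemporaryMember is a hypothetical helper; the sample DNs are constructed.

function Get-TemporaryMember {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string[]] $Member,
        [datetime] $Now = (Get-Date)
    )
    process {
        foreach ($m in $Member) {
            # With -ShowMemberTimeToLive, a time-bound link is returned as
            # "<TTL=seconds>,DN"; a permanent member is a plain DN.
            if ($m -match '^<TTL=(\d+)>,(.+)$') {
                $ttl = [timespan]::FromSeconds([int]$Matches[1])
                [pscustomobject]@{
                    DistinguishedName = $Matches[2]
                    Temporary         = $true
                    Remaining         = $ttl
                    ExpiresAt         = $Now + $ttl
                }
            } else {
                # No TTL prefix: this membership never expires on its own.
                [pscustomobject]@{
                    DistinguishedName = $m
                    Temporary         = $false
                    Remaining         = $null
                    ExpiresAt         = $null
                }
            }
        }
    }
}

# Constructed sample of the member attribute, so the parser runs offline.
$sample = @(
    '<TTL=42>,CN=HiepHR,CN=Users,DC=Yi,DC=vn',
    'CN=Administrator,CN=Users,DC=Yi,DC=vn'
)
$sample | Get-TemporaryMember | Format-Table -AutoSize

# On DC1, feed it the real attribute instead:
# (Get-ADGroup GIT -Property member -ShowMemberTimeToLive).member | Get-TemporaryMember
```

Members reported with `Temporary = $false` in a group that is meant to be granted only for a limited time are the ones to review, since nothing will remove them automatically.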