Question for time based group membership in FL 2016

Stefan Kania stefan at kania-online.de
Thu Feb 1 18:22:38 UTC 2024


Hi to all,

I already posted the question on the samba mailing list but I think it's 
more a question for developers :-)

I have a question about FL 2016 and if samba supports it. If yes, how 
can I use it without powershell.

In FL 2016 there is the possibility to put a user into a group and the 
membership is time based. So I could put the user Foo into the group 
'domain admins' for 30 minutes and after 30 minutes the system will 
remove user foo from the group.

But to activate this feature you have to run a PowerShell command:
----------------
Enable-ADOptionalFeature "Privileged Access Management Feature" -Scope ForestOrConfigurationSet -Target "example.net"
-----------------

This feature once enabled can't be disabled anymore

Then I could add a user to a group:
---------------
Add-ADGroupMember -Identity "Domain Admins" -Members "Foo" -MemberTimeToLive (New-TimeSpan -Minutes 30)
---------------

After 30 minutes Foo will be removed automatically.

But if this feature is supported by samba 4.19 or 4.20 with FL 2016 
activated, how could I set this?

I tried it with PowerShell for Linux, but PowerShell for Linux does not 
support the AD commands.


Stefan
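
The sequence described in the message above, as an added PowerShell example that is not part of the original post: it enables the feature only when it is not already on (it cannot be disabled afterwards), adds the timed membership, and reads the remaining TTL back. It assumes a Windows host with the ActiveDirectory module; the domain, group and user names are the ones from the message.

```powershell
# Added example, not from the original message.
Import-Module ActiveDirectory

$featureName = 'Privileged Access Management Feature'

# Enabling the optional feature is irreversible, so check its state first
# and only enable it when no scope has it turned on yet.
$feature = Get-ADOptionalFeature -Filter "Name -eq '$featureName'"
if ($feature.EnabledScopes.Count -eq 0) {
    Enable-ADOptionalFeature -Identity $featureName `
        -Scope ForestOrConfigurationSet -Target 'example.net'
}

# Add Foo to the group for 30 minutes.
Add-ADGroupMember -Identity 'Domain Admins' -Members 'Foo' `
    -MemberTimeToLive (New-TimeSpan -Minutes 30)

# Read the membership back. With -ShowMemberTimeToLive, timed links are
# returned as "<TTL=seconds>,DN"; permanent members have no TTL prefix.
$group = Get-ADGroup -Identity 'Domain Admins' -Properties member -ShowMemberTimeToLive
$group.member | ForEach-Object {
    if ($_ -match '^<TTL=(\d+)>,(.+)$') {
        [pscustomobject]@{ Member = $Matches[2]; SecondsLeft = [int]$Matches[1] }
    } else {
        [pscustomobject]@{ Member = $_; SecondsLeft = $null }
    }
}
```

Members listed with an empty `SecondsLeft` are permanent, which makes this read-back a quick audit of who holds standing rather than time-limited membership in the group.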
