MIM PAM check user role

  • Question

  • We are using Microsoft Identity Manager. As there is no option in the GUI to check what PAM roles a user has, is there a PowerShell cmd to check what PAM roles a user has?
    Monday, December 3, 2018 12:46 PM

All replies

  • Hi Ajay,

    I just posted a blog which outlines how to add this functionality into the MIM Portal GUI with screenshots. Essentially, you would need to add a new search scope with an advanced filter that queries all msidmpamrole objects which contain the specified candidate (a specific user). The advanced filter value I used is:

    /msidmPamRole[msidmPamCandidates= /Person[AccountName='%SEARCH_TERM_STRING%']/ObjectID]

    More information on Advanced Filters can be found on

    If you exclusively need a PowerShell cmd, you will need to write your own script utilizing the Get-PAMRole and Get-PAMUser cmdlets, to the best of my knowledge, as the available cmdlets as released do not have a search constraint for what you are asking.

    Let me know if you have any further questions or if this solution worked for you.

    Wednesday, December 5, 2018 4:53 PM
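
Added example (not part of the reply above and not Microsoft's code): one way to run the same advanced filter from PowerShell, so that candidate assignments can be reviewed per account. It assumes the FIMAutomation snap-in is available on the MIM Service host in the PAM forest and that the service listens on `http://localhost:5725`; the function name and the sample account are hypothetical.

```powershell
# List the PAM roles for which an account is a candidate.
# Assumption: run on the MIM Service host with the FIMAutomation snap-in.
function Get-PamRolesForCandidate {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$AccountName,
        # Assumed MIM Service endpoint; adjust for your deployment.
        [string]$Uri = 'http://localhost:5725'
    )

    # The value is placed inside a quoted XPath literal, so accept only
    # characters expected in an account name and reject everything else.
    if ($AccountName -notmatch '^[A-Za-z0-9._$-]{1,64}$') {
        throw "Unexpected characters in account name: $AccountName"
    }

    if (-not (Get-PSSnapin -Name FIMAutomation -ErrorAction SilentlyContinue)) {
        Add-PSSnapin -Name FIMAutomation
    }

    # Same filter as the portal search scope, with the search term filled in.
    $filter = "/msidmPamRole[msidmPamCandidates=/Person[AccountName='$AccountName']/ObjectID]"

    $roles = Export-FIMConfig -CustomConfig $filter -OnlyBaseResources -Uri $Uri

    foreach ($role in $roles) {
        # Flatten the attribute list into a name -> value lookup.
        $attrs = @{}
        foreach ($a in $role.ResourceManagementObject.ResourceManagementAttributes) {
            $attrs[$a.AttributeName] = if ($a.IsMultiValue) { $a.Values } else { $a.Value }
        }
        [pscustomobject]@{
            DisplayName    = $attrs['DisplayName']
            ObjectID       = $attrs['ObjectID']
            CandidateCount = @($attrs['msidmPamCandidates']).Count
        }
    }
}

Get-PamRolesForCandidate -AccountName 'jdoe'   # constructed sample account
```

Running this for each privileged account gives a point-in-time list of role candidacy that can be compared against the approved assignments.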