Configure the MIM environment for Privileged Access Management
Note
The PAM approach provided by MIM PAM is not recommended for new deployments in Internet-connected environments. MIM PAM is intended to be used in a custom architecture for isolated AD environments where Internet access is not available, where this configuration is required by regulation, or in high impact isolated environments like offline research laboratories and disconnected operational technology or supervisory control and data acquisition environments. MIM PAM is distinct from Microsoft Entra Privileged Identity Management (PIM). Microsoft Entra PIM is a service that enables you to manage, control, and monitor access to resources in Microsoft Entra ID, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune. For guidance on on-premises Internet-connected environments and hybrid environments, see securing privileged access for more information.
There are seven steps to complete when setting up the environment for cross-forest access, installing and configuring Active Directory and Microsoft Identity Manager, and demonstrating a just-in-time access request.
These steps are laid out so that you can start from scratch and build a test environment. If you're applying PAM to an existing environment, you can use your own domain controllers or user accounts for the CONTOSO domain, instead of creating new ones to match the examples.
If you do not have an existing domain you wish to have as the domain to manage, prepare CORPDC server as a domain controller.
Prepare PRIVDC server as a domain controller for a separate WS 2016 domain and forest, PRIV.
Prepare PAMSRV server in the PRIV forest, to hold the MIM server software.
Install MIM components on PAMSRV and prepare them for Privileged Access Management.
Install the cmdlets on a CONTOSO forest member workstation.
Establish trust between PRIV and CONTOSO forests.
Preparing privileged security groups with access to protected resources and member accounts for Just-in-time Privileged Access Management.
Demonstrate requesting, receiving, and making use of privileged elevated access to a protected resource.