Configure Just Enough Administration (JEA)

1 hour
  • 3 Learning Objectives

About this Hands-on Lab

This lab walks through the process of configuring Just Enough Administration (JEA).

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure Active Directory
  1. Create the two organizational units (OUs), one for privileged user accounts named Privileged Admins and another for non-privileged user accounts named User Accounts.
    1. Move the privileged user account admin_user to the privileged user account OU.
    2. Move the non-privileged user account helpdesk_user to the non-privileged account OU.
  2. Create a Domain Local Active Directory security group named Helpdesk Staff.
  3. Add the helpdesk_user user to the Helpdesk Staff group.
Configure Just Enough Administration (JEA)
  1. Configure Just Enough Administration (JEA) to allow helpdesk staff to unlock accounts and reset passwords for non-privileged user accounts using the Active Directory PowerShell module:
    1. Create a module.
    2. Define role capabilities.
    3. Create the session configuration.
    4. Register the configuration.

Please note: You can refer to the following code snippets when creating your role capabilities: Code Snippets
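
The four steps above in one script, as an added example that is not the lab's own solution or its linked snippets. The domain (EXAMPLE, DC=example,DC=com), the module, role and endpoint names (HelpdeskJEA, HelpdeskStaff, Helpdesk) and the two wrapper functions are assumptions; the OU, group and account names come from the lab.

```powershell
# Added example, not the lab's solution. Run elevated on the domain controller.
# Placeholders: domain EXAMPLE / DC=example,DC=com; HelpdeskJEA, HelpdeskStaff, Helpdesk.
$module = "$env:ProgramFiles\WindowsPowerShell\Modules\HelpdeskJEA"
$cfgDir = "$env:ProgramData\JEAConfiguration"

# 1. Create the module: a manifest plus a RoleCapabilities folder.
New-Item -ItemType Directory -Force -Path "$module\RoleCapabilities",
    "$cfgDir\Transcripts" | Out-Null
New-ModuleManifest -Path "$module\HelpdeskJEA.psd1"

# 2. Define role capabilities. On a domain controller the JEA virtual account is a
#    Domain Admin, so the raw AD cmdlets stay hidden and each wrapper checks the OU.
$unlock = {
    param([Parameter(Mandatory)][string]$Identity)
    $u = ActiveDirectory\Get-ADUser -Identity $Identity
    if ($u.DistinguishedName -notlike '*,OU=User Accounts,DC=example,DC=com') {
        throw "Refused: '$Identity' is outside the User Accounts OU."
    }
    ActiveDirectory\Unlock-ADAccount -Identity $u
}
$reset = {
    param([Parameter(Mandatory)][string]$Identity,
          [Parameter(Mandatory)][securestring]$NewPassword)
    $u = ActiveDirectory\Get-ADUser -Identity $Identity
    if ($u.DistinguishedName -notlike '*,OU=User Accounts,DC=example,DC=com') {
        throw "Refused: '$Identity' is outside the User Accounts OU."
    }
    ActiveDirectory\Set-ADAccountPassword -Identity $u -Reset -NewPassword $NewPassword
}
New-PSRoleCapabilityFile -Path "$module\RoleCapabilities\HelpdeskStaff.psrc" `
    -ModulesToImport ActiveDirectory `
    -VisibleFunctions 'Unlock-HelpdeskUser', 'Reset-HelpdeskPassword' `
    -FunctionDefinitions @{ Name = 'Unlock-HelpdeskUser';    ScriptBlock = $unlock },
                         @{ Name = 'Reset-HelpdeskPassword'; ScriptBlock = $reset }

# 3. Create the session configuration: restricted endpoint, virtual account,
#    transcripts for audit, and the group-to-role mapping.
New-PSSessionConfigurationFile -Path "$cfgDir\Helpdesk.pssc" `
    -SessionType RestrictedRemoteServer -RunAsVirtualAccount `
    -TranscriptDirectory "$cfgDir\Transcripts" `
    -RoleDefinitions @{ 'EXAMPLE\Helpdesk Staff' = @{ RoleCapabilities = 'HelpdeskStaff' } }

# 4. Validate, then register the configuration (-Force restarts WinRM).
if (Test-PSSessionConfigurationFile -Path "$cfgDir\Helpdesk.pssc") {
    Register-PSSessionConfiguration -Name Helpdesk -Path "$cfgDir\Helpdesk.pssc" -Force
}
# From BRAWKS1: Enter-PSSession -ComputerName BRADC1 -ConfigurationName Helpdesk
# Unlock-HelpdeskUser -Identity helpdesk_user succeeds; -Identity admin_user is refused.
```

The wrappers restrict by distinguished name because the session runs with far more rights than the caller; exposing Unlock-ADAccount or Set-ADAccountPassword directly would let helpdesk staff act on privileged accounts as well.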

Test the Configuration
  1. Log on to BRAWKS1 as our non-privileged domain user account [email protected].
  2. Connect to BRADC1 using PowerShell Remoting and specify the configuration you created.
  3. Test unlocking accounts and resetting user accounts for privileged users like admin_user and non-privileged users like helpdesk_user.

Additional Resources


As you walk through the lab, consider the following scenario:

You are a Senior Systems Administrator at Barrier Reef Audio, a company that focuses on generating text from speech using a range of high-quality audio equipment and machine learning.

The IT team at Barrier Reef Audio is growing, with multiple staff members joining the help desk team over the next few months. The new help desk staff will be performing basic administrative tasks using Domain Controllers including resetting passwords and unlocking non-privileged user accounts.

You decide to use Just Enough Administration (JEA) to delegate administrative tasks to these staff members.

In this lab, you will:

  1. Configure Active Directory.

  2. Configure Just Enough Administration (JEA):

    • Create a module.
    • Define role capabilities.
    • Create the session configuration.
    • Register the configuration.
  3. Test the configuration.

Lab Setup

In this lab, you will be connecting to VMs using Remote Desktop. You won’t need to access the Azure Portal.

Note: To complete this lab, you will need to use a remote desktop client:

If you get stuck, feel free to check out the lab objectives or the solution video. Good luck!

