立即与支持人员聊天
与支持团队交流

Identity Manager 8.2.1 - Operational Guide

About this guide Simulating data changes in the Manager Scheduling operations activation times Re-applying templates Exporting data with the Manager Analyzing data and data changes Analyzing process monitoring in the Manager Schedules in One Identity Manager Mail templates in One Identity Manager Password policies in One Identity Manager Working with change labels Checking data consistency Compiling a One Identity Manager database Transporting custom changes Importing data with the Data Import Importing and exporting individual files for the software update Creating a One Identity Manager database for test or development from a database backup Initializing DBQueue Processor the after extending the server hardware Command line programs

SchemaExtensionCmd.exe

The SchemaExtensionCmd.exe program provides support for importing custom schema extensions into a One Identity Manager database.

In databases with a Test environment or Development system staging level, you can use the program to delete custom schema extensions again.

You can run the program from the command line. The program requires a control file (XML file) for the import. To create control files, use the Schema Extension program. For more information, see the One Identity Manager Configuration Guide.

Calling syntax

SchemaExtensionCmd.exe

/Conn="{Connection string}"

/Auth="{Authentication String}"

[/Definition="{Path to import definition file}"]

[-f]

[/LogLevel=Off|Fatal|Error|Info|Warn|Debug|Trace]

Table 59: Program parameters and options

Parameter or option

Description

/Conn

Database connection parameter. Minimum access level Configuration user.

For more information about permissions, see the One Identity Manager Installation Guide and the One Identity Manager Authorization and Authentication Guide.

Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections.

/Auth

Authentication data. The authentication data depends on the authentication module used. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

/Definition

Path to the control file (XML file)

Example:

C:\Path\To\Definition.xml

/LogLevel

(Optional) Scope of output to be processed. Permitted values are:

  • Off: No logging.

  • Fatal: All critical error messages are logged.

  • Error: All error messages are logged.

  • Info: All information is logged.

  • Warn: All warnings are logged.

  • Debug: Debugger outputs are logged. This setting should only be used for testing.

  • Trace: Highly detailed information is logged. This setting should only be used for analysis purposes. The log file quickly becomes large and cumbersome.

-f

(Optional) If this parameter is set, the system does not wait for DBQueue Processor task processing. This can lead to errors if schema extensions are expected that must previously be generated by the DBQueue Processor.

-v

(Optional) Provides additional information (verbose).

-? | h

Display program help.

Example:

SchemaExtensionCmd.exe

/Conn="Data Source=<Database server>;Initial Catalog=<Database name>;User ID=<Database user>;Password=<Password>"

/Auth=Module=DialogUserAccountBased

/Definition=CustomExtensions.xml

CryptoConfigCMD.exe

The CryptoConfigCMD.exe program supports encryption and decryption of the One Identity Manager database. You can run the program from the command line.

Calling syntax

CryptoConfigCMD.exe

--conn={Connection string}

--auth={Authentication string}

[--mode=Encrypt|EncryptExisting|Decrypt]

[--private-key= {Path to private key}]

[-y]

Table 60: Program parameters and options

Parameter or option

Alternative

Description

--conn

--connection|

-c

Database connection parameter. A user with the minimum permission level Configuration user is required.

For more information about permissions, see the One Identity Manager Installation Guide and the One Identity Manager Authorization and Authentication Guide.

Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections.

--auth

--auth-props|-a

Authentication data for the installation. The authentication data depends on the authentication module used.

For more information about authentication modules, see the One Identity Manager Authorization and Authentication Guide.

--mode

-m

(Optional) Mode to run. Permitted values are:

  • Encrypt: create a new private key and encrypt the database (default)

  • EncryptExisting: Encrypt the database with an existing key

  • Decrypt: Decrypt the database values.

--private-key

-p

Enter the file with the encryption information.

This path must not exist when encrypting a database. The key can be found under this path after the encryption process. This key file must be present when decrypting the database.

-y

 

(Optional) If the parameter is present, all security queries are answered with Yes.

--verbose

-v

(Optional) Provides additional information (verbose).

--help

-h, -?

Display program help.

Parameter formats

Multiple-character options can be given in the following forms:

--conn="..."

--conn "..."

/conn="..."

/conn "..."

Single-character options can be given in the following forms:

-c="..."

-c "..."

/c="..."

/c "..."

Switches are allowed in the forms:

-R

/R

Example: Encrypt the database with a new key

CryptoConfigCMD.exe

--conn="Data Source=<Database server>;Initial Catalog=<Database name>; User ID=<Database user>; Password=<Password>"

--auth="Module=DialogUser;User=<User name>;Password=<Password>"

--private-key=C:\path\to\private.key

Example: Encrypt the database with an existing key

CryptoConfigCMD.exe

--conn="Data Source=<Database server>;Initial Catalog=<Database name>; User ID=<Database user>; Password=<Password>"

--auth="Module=DialogUser;User=<User name>;Password=<Password>"

--mode=EncryptExisting

Example: Decrypt the database with an existing key

CryptoConfigCMD.exe

--conn="Data Source=<Database server>;Initial Catalog=<Database name>; User ID=<Database user>; Password=<Password>"

--auth="Module=DialogUser;User=<User name>;Password=<Password>"

--mode=Decrypt

--private-key=C:\path\to\private.key

DBConsCheckCmd.exe

The DBConsCheckCmd.exe program supports consistency checking. You can run the program from the command line.

Unlike the consistency checks in the Manager or the Designer, the table tests and object tests are always carried out on the data of the application data model and system data model.

Calling syntax

DBConsCheckCmd.exe

/Conn="{Connection string}"

/Auth="{Authentication String}"

[-l]

[-p]

[/LogLevel=Off|Fatal|Error|Info|Warn|Debug|Trace]

[/Resultfile="{File}"]

[/ResultIdToSkip="{Error ID}"]

[/ConsistencyType="{Type}"]

[/UidConsistencyCheck="{UID}"]

[-v]

Table 61: Program parameters and options

Parameter or option

Description

/Conn

Database connection parameter. A user with the minimum permission level End user is required. Some consistency checks require the configuration user or administrative user access level.

For more information about permissions, see the One Identity Manager Installation Guide and the One Identity Manager Authorization and Authentication Guide.

Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections.

/Auth

Authentication data. The authentication data depends on the authentication module used. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

-l

List output with all consistency checks that can be run. The program stops after output is complete.

-p

(Optional) If this parameter is used, the processing progress is shown.

-v

(Optional) Provides additional information (verbose).

-? | -h

Displays program help.

/LogLevel

(Optional) Scope of output to be processed. Permitted values are:

  • Off: No logging.

  • Fatal: All critical error messages are logged.

  • Error: All error messages are logged.

  • Info: All information is logged.

  • Warn: All warnings are logged.

  • Debug: Debugger outputs are logged. This setting should only be used for testing.

  • Trace: Highly more information is logged. This setting should only be used for analysis purposes. The log file quickly becomes large and cumbersome.

/ConsistencyType

(Optional) Specifies the type of consistency checks to be performed. Multiple instances of this parameter are possible. If the parameter is not specified, all types of consistency checks are loaded.

Permitted values are:

  • Database: Runs consistency checks of database test type.

  • Table: Runs consistency checks of table test type.

  • Object: Runs consistency checks of object test type.

The parameter cannot be combined with the /UidConsistencyCheck parameter.

/UidConsistencyCheck

(Optional) Explicit consistency check URL. If the parameter is given, only this consistency check is performed. Multiple instances of this parameter are possible.

The parameter cannot be combined with the /ConsistencyType parameter.

A list of available consistency checks can be displayed with the -l option.

/Resultfile

(Optional) Outputs the results of the consistency checks to a separate results file. If the file already exists, it will be overwritten.

/ResultIdToSkip

(Optional) If the a consistency check results in errors, unique error identifiers are assigned to each of the results. If you supply these error IDs with this parameter so that the error is ignored in the output and the result file. Multiple instances of this parameter are possible.

Example: Listing all consistency checks

DBConsCheckCmd.exe

/Conn= "Data Source=<Database server>;Initial Catalog=<Database name>;User ID=<Database user>;Password=<Password>"

/Auth="Module=DialogUser;User=<User name>;Password=<Password>"

-l

Example: Runs all available consistency checks and outputs a result file

DBConsCheckCmd.exe

/Conn= "Data Source=<Database server>;Initial Catalog=<Database name>;User ID=<Database user>;Password=<Password>"

/Auth="Module=DialogUser;User=<User name>;Password=<Password>"

/Resultfile="c:\temp\DBConsCheckCmd.log"

Example: Runs selected consistency checks, outputs a result file and ignores an error

In the example, the two consistency checks DialogTable without Layout information with UID QBM-C78A4C856111AF4CA839024588197F4B and Template uses too long columns with UID QBM-F231939D9385514E9566F2900D8512E2 are run.

An error with the error ID 1a9cef0b6bd93434c2997341d91f2c1ef420f150 is ignored.

DBConsCheckCmd.exe

/Conn= "Data Source=<Database server>;Initial Catalog=<Database name>;User ID=<Database user>;Password=<Password>"

/Auth="Module=DialogUser;User=<User name>;Password=<Password>"

/Resultfile="c:\temp\DBConsCheckCmd.log"

/UidConsistencyCheck="QBM-C78A4C856111AF4CA839024588197F4B"

/UidConsistencyCheck="QBM-F231939D9385514E9566F2900D8512E2"

/ResultIdToSkip="1a9cef0b6bd93434c2997341d91f2c1ef420f150"

Related topics

WebDesigner.InstallerCMD.exe

Using the program WebDesigner.InstallerCMD.exe, you can install and uninstall the Web Portal using the command line console.

NOTE: Run the installation using the command line console in administrator mode.

Calling syntax for installation

WebDesigner.InstallerCMD.exe

[/prov {Provider}]

/conn {Connection string}

/authprops {Authentication string}

/appname {Application name}

/site {Site}

[/sourcedir {Directory}]

[/apppool {Application pool}]

[/webproject {Web project}]

[/constauthproj {Subproject name} /constauth {Authentication}]

[/searchserviceurl {url}]

[/applicationtoken {Token}]

[/updateuser {User name} [/updateuserdomain {Domain}]

[/updateuserpassword {Password}]]

[/allowhttp {true|false}]

[-f]

[-w]

Calling syntax for uninstalling

WebDesigner.InstallerCMD.exe

[/prov {Provider}]

/conn {Connection string}

/authprops {Authentication}

/appname {Application name}

[/site {Site}]

-R

Calling syntax for uninstalling earlier Web Portal versions back to and included version 6.x

WebDesigner.InstallerCMD.exe

/appname {Application name}

[/site {Site}]

-R

Table 62: Program parameters

Parameter

Description

/Prov

(Optional) Database provider – permitted values are VI.DB.ViSqlFactory, VI.DB and QBM.AppServer.Client.ServiceClientFactory, QBM.AppServer.Client.

/Conn

Database connection parameter.

Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections.

/authprops

Authentication data. The authentication data depends on the authentication module used. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

/appname

Application name.

/site

Internet Information Services web page on which to install the application.

/sourcedir

(Optional) Installation source. If this parameter is set, the installation is performed from the file system. If this parameter is not set, the installation is performed from the database (default).

/apppool

(Optional) Application pool. If this parameter is set, the installation is performed in the specified application pool. If this parameter is not set, a new application pool is installed (default).

/webproject

(Optional) Name of the web project. If this parameter is set, the specified web project is installed. If this parameter is not set, the web project VI_StandardWeb is installed (default).

/constauthproj

Name of the subproject.

/constauth

Authentication settings of the subproject.

/searchserviceurl

Application server for search function availability.

/applicationtoken

Application token for the Password Reset Portal.

/updateuser

(Optional) User for updating. If no user is given, the same user account is used for the application pool.

/updateuserdomain

Active Directory domain of the user.

/updateuserpassword

User password.

/allowhttp

(Optional) If the parameter is set, HTTP is permitted. If this parameter is not available, HTTPS is used (default).

-w

(Optional) Type of authentication used for the web application. If this parameter is set, Windows authentication is used. If this parameter is not set, anonymous authentication is used on IIS (default).

-f

(Optional) If this parameter is set, no permissions are allocated for the IIS_USRS user. If this parameter is not set, the permissions are allocated for the IIS_USRS user (default).

-R

Removes the web application.

/?

Displays program help.

Example: Installation with a direct connection against a SQL Server database.

In this example, the parameters are configured as follows:

  • Connection to database on a SQL Server

  • Installation in the default website

  • Application name testqs

  • Authentication with system user testadmin

  • Application server for the availability of the search function https://dbserver.testdomain.lan/TestAppServer

  • Allow HTTP

WebDesigner.InstallerCMD.exe

/conn "Data Source=dbserver.testdomain.lan;Initial Catalog=IdentityManager;Integrated Security=False;User ID=admin;Password=password"

/site "Default Web Site"

/appname testqs

/authprops "Module=DialogUser;User=testadmin;Password="

/searchserviceurl https://dbserver.testdomain.lan/TestAppserver

/allowhttp true

Example: Installation with a direct connection to an application server

In this example, the parameters are configured as follows:

  • Connection to application

  • Installation in the default website

  • Application name testviaappserver

  • With Windows authentication as web authentication

  • User for the updating User1 with the domain MyDomain.lan

WebDesigner.InstallerCMD.exe

/prov "QBM.AppServer.Client.ServiceClientFactory, QBM.AppServer.Client"

/conn "URL=https://test.lan/IdentityManagerAppServer/"

/site "Default Web Site"

/appname testviaappserver

/authprops "Module=DialogUser;User=testadmin;Password="

-w

/updateuser User1

/updateuserdomain MyDomain.lan

/updateuserpassword topsecret

Example: Uninstalling the web application with a connection against an application server

WebDesigner.InstallerCMD.exe

/prov "QBM.AppServer.Client.ServiceClientFactory, QBM.AppServer.Client"

/conn "URL=https://test.lan/IdentityManagerAppServer/"

/appname testviaappserver

/authprops "Module=DialogUser;User=testadmin;Password="

-R

Example: Processing of authentication settings for a subproject

WebDesigner.ConfigFileEditor.exe

-constAuth ../web.config "test_UserRegistration_Web" "Module=DynamicPerson;User[test_USER]=xyz;(Password)Password[test_Password]=xyz;(Hidden)IgnoreMasterIdentities=;(Hidden)Product=Manager"

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级