Chat now with support
Chat mit Support

Identity Manager Data Governance Edition 9.1.1 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Initialize-QDataGovernanceServer

Establishes the database connection between One Identity Manager and Data Governance Edition. The Data Governance server must be initialized before you can use Data Governance Edition to manage your resources.

Note: This PowerShell cmdlet is used in conjunction with the Data Governance Server installation msi when manually installing Data Governance Edition.

Syntax:

Initialize-QDataGovernanceServer [-DatabaseConnectionString] <String> [[-IdentityManagerIsOracle [<SwitchParameter>]] [-DefaultEmployeeSid [<String>]] [<CommonParameters>]

Table 117: Parameters
Parameter Description

DatabaseConnectionString

Specify the database connection string used by Data Governance Edition to access the One Identity Manager database.

An example of a connection string for Windows authentication may look like this:

"Server=myServerAddress;Database=myDatabase;User Id=myUser;Password=myPassword;Trusted_Connection=True"

An example of a connection string for SQL authentication may look like this:

"Data Source=myServerAddress;Initial Catalog=myDatabase;User Id=myUser;Password=myPassword"

IdentityManagerIsOracle

If you are using an Oracle database management system for the One Identity Manager database, specify this parameter to indicate that an Oracle database is being used.

NOTE: Oracle Database support was deprecated beginning with One Identity Manager 8.1. Do not use.

DefaultEmployeeSid

(Optional) Specify this parameter to take advantage of the automatic forest topology harvest. That is, adding this parameter adds the user associated with the specified SID to the One Identity Manager Employees with appropriate Data Governance application roles.

NOTE: This provides the same functionality as selecting the Add the current user to the One Identity Manager Employees with Data Governance application roles option when using the Data Governance Configuration wizard.

Examples:
Table 118: Examples
Example Description

Initialize-QDataGovernanceServer -DatabaseConnectionString 'Data Source=IMSQL;Initial Catalog=OneIM;UserID=sa;Password=template$PWD'

Initializes Data Governance Edition with the One Identity Manager database with the supplied connection string

Initialize-QDataGovernanceServer -DatabaseConnectionString 'Data Source=IMSQL;Initial Catalog=OneIM;UserID=sa;Password=myPwd' -DefaultEmployeeSid S-1-5-21-2969523365-1970145350-1015297841-500'

Establishes connection between the One Identity Manager database and Data Governance Edition; and adds the specified employee to the One Identity Manager Employees with the Data Governance application roles.

Register-QServiceConnectionPoint

Registers service connection points (SCPs) in an Active Directory domain.

Note: This can be helpful when the service account registered to a domain does not have sufficient permissions to create an SCP.

Syntax:

Register-QServiceConnectionPoint [-DomainDnsName] <String> [-DeploymentId] <String> [-ServerDnsName] <String> [[-ServerNetTcpPortNumber] [>Int32>]] [<CommonParameters>]

Table 119: Parameters
Parameter Description
DomainDnsName Specify the full DNS name of the Active Directory domain where the SCP will be registered.
DeploymentId Specify the deployment name of the Data Governance instance.
ServerDnsName Specify the full DNS name of the computer hosting the Data Governance server.
ServerNetTcpPortNumber (Optional) Specify the Net.tcp port number of the Data Governance server. If this parameter is not specified, the default port (8722) is used.
Examples:
Table 120: Examples
Example Description

Register-QServiceConnectionPoint -DomainDnsName vmset6.dge.dev.ca - DeploymentId DGEMAIN - ServerDnsName 2k8.vmset6.dge.dev.ca

Registers the SCP for an Active Directory domain.

Remove-QServiceConnectionPoint

Removes DataGovernance.Server service connection points (SCPs) found by the global catalog (GC) search in the Active Directory forest.

Note: This cmdlet can be helpful when you want to remove all Data Governance Edition SCPs from a single Data Governance Edition deployment or all deployments.

To re-create an SCP which you inadvertently removed, restart your Data Governance server.

Syntax:

Remove-QServiceConnectionPoint [-DeploymentId] [<String>]] [<CommonParameters>]

Table 121: Parameters
Parameter Description
DeploymentId

(Optional) Specify the deployment name assigned to the Data Governance instance whose SCP is to be removed. Typically, this value is DEFAULT.

If you do not specify this parameter, all service connection points in all Data Governance Edition deployments will be removed.

Run the Get-QDeploymentInfo cmdlet to retrieve the deployment name (DeploymentId) assigned to a Data Governance Edition deployment.

Examples:
Table 122: Examples
Example Description
Remove-QServiceConnectionPoint Removes all service connection points in all deployments.

Remove-QServiceConnectionPoint -DeploymentId MyTestDeployment

Removes all service connection points in the Data Governance instance assigned to deployment "MyTestDeployment".

Set-QDeploymentInfo

Updates the deployment parameters for the Data Governance server.

Note: Changing the deployment identifier parameter can prevent the Data Governance service from communicating with existing agents. It is NOT recommended to change the deployment name of an existing Data Governance server.

Syntax:

Set-QDeploymentInfo [-DeploymentId [<String>]] [<CommonParameters>]

Table 123: Parameters
Parameter Description
DeploymentId

(Optional) Specify this parameter to change the name of the deployment to which this Data Governance server belongs.

This deployment name must be unique within your Active Directory forest. It has a maximum length of 30 characters; and can only contain alphanumeric characters and underscores (no spaces allowed).

IMPORTANT: This is NOT the recommended approach. It is best to uninstall your entire Data Governance Edition deployment and reinstall using the Data Governance Configuration wizard, which comes with the One Identity Manager installation.

IMPORTANT: Any existing agents deployed by this Data Governance server will not be able to connect if you change the deployment name here. You must first uninstall all the agents and then change this value, restart the DataGovernance.Server service, and deploy new agents.

Examples:
Table 124: Examples
Example Description
Set-QDeploymentInfo -DeploymentId MainDeployment Changes the deployment name assigned to the Data Governance service to "MainDeployment".
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen