
Identity Manager 9.1.3 - Operational Guide


InstallManager.CLI.exe

The InstallManager.Cli.exe program provides support for the installation of One Identity Manager. You can run the program from the command line.

IMPORTANT: Run the installation using the command line console in administrator mode.

Calling syntax

InstallManager.Cli.exe

-m install|change|remove|uninstall

-r {Directory}

[-i {Directory}]

[-fu]

[-mod {ModuleIDs}]

[-d {Targets}]

[-p {Packages}]

[-l {Path}]

[-fo]

[-cs {Service name} {Properties}]

[-dc]

Table 51: Program parameters and options

Parameter or option

Alternative name

Description

-m

--mode

Installation mode. Permitted values are

  • install: Install new modules.

  • change: Update existing modules.

  • remove: Delete modules.

  • uninstall: Uninstall complete installation.

-r

--rootpath

Directory containing the installation sources.

-i

--installpath

(Optional) Directory in which to install.

-fo

--filesonly

(Optional) Only file actions will be run. No start menu entries or registry keys are generated and no services are installed.

-mod

--module

Space-delimited list of module IDs.

-d

--deploymenttarget

Space-delimited list of machine roles.

-p

--packages

Space-delimited list of packages.

-l

--logfile

(Optional) Path to the log file.

-fu

--forceupdate

(Optional) All data will be reinstalled.

-cs

--changeservice

Changes the properties for registration of the service. The following values are expected:

  • Service name: Name of the service to be changed

  • Properties: New properties of the service with:

    • Name: Name of the service.

    • Display: Display name of the service.

    • Description: Description of the service.

    Example:

    "Name=<New name>;Display=<New display>;Description=<New Description>"

    You only need to specify the properties that are to be changed.

-dc

--deleteconfig

(Optional) Configuration data and logs are removed in uninstall mode.

-h

--help

Display program help.

Example: Installing a single module

InstallManager.Cli.exe

-m install

-r c:\sourcedir

-mod QER ADS SAP LDAP ATT

Example: Updating a machine role

InstallManager.Cli.exe

-m change

-r c:\sourcedir

-d Server\JobServer\ADS

Example: Uninstalling the One Identity Manager components

InstallManager.Cli.exe

-m uninstall

-i c:\installdir

-dc

DBCompilerCMD.exe

The DBCompilerCMD.exe program supports compiling a database. You can run the program from the command line.

Calling syntax

DBCompilerCMD.exe

/Conn="{Connection string}"

/Auth="Module={Authentication string}"

[/LogLevel=Off|Fatal|Error|Info|Warn|Debug|Trace]

[-W]

[/Blacklist=[CompileWebServices] [CompileTypedWrappers] [CompileDialogScripts] [CompileScripts] [CompileJobChains] [CompileWebProjects] [CompileApiProjects] [CompileHtmlApps] [FillMultiLanguage]]

/WaitTimeout

[-A]

[/AutoCompileCheckInterval]

[/AutoCompileWaitSeconds]

[/AutoCompileErrorWaitSeconds]

[-S]

[-C]

[-v]

Table 52: Program parameters and options
Parameter or option Description

/Conn

Database connection parameter. A user with a minimum access level of Configuration user is required.

For more information about permissions, see the One Identity Manager Installation Guide and the One Identity Manager Authorization and Authentication Guide.

Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections.

/Auth

Authentication data. The authentication data depends on the authentication module used. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

-W

(Optional) Wait for the processing of DBQueue Processor tasks to complete before starting compilation.

-A

(Optional) Automatic compilation of the database. The database is monitored and compiled if necessary. This runs until the program is terminated with Ctrl + C.

-S

(Optional) Messages are output to the console without timestamp or severity level.

-C

(Optional) Compile only modified parts of the system.

/LogLevel

(Optional) Scope of output to be processed. Permitted values are:

  • Off: No logging.

  • Fatal: All critical error messages are logged.

  • Error: All error messages are logged.

  • Info: All information is logged.

  • Warn: All warnings are logged.

  • Debug: Debugger outputs are logged. This setting should only be used for testing.

  • Trace: Highly detailed information is logged. This setting should only be used for analysis purposes. The log file quickly becomes large and cumbersome.

/IgnoreErrors

(Optional) Specifies if error messages are ignored. Permitted values are True and False.

/Blacklist

(Optional) Space-delimited list of compiler modules that must not be compiled. Permitted values are:

  • CompileWebServices: Compile web services

  • CompileTypedWrappers: Compile a type-safe database model

  • CompileDialogScripts: Compile scripts from the script library

  • CompileScripts: Compile templates, formatting scripts and task definitions

  • CompileJobChains: Compile processes

  • CompileWebProjects: Compile web projects

  • CompileApiProjects: Compile API projects

  • CompileHtmlApps: Compile HTML applications

  • FillMultiLanguage: Extract language-dependent texts

/WaitTimeout

Maximum waiting time for DBQueue.

Default: 00:10:00

/AutoCompileCheckInterval

(Optional) Interval in seconds to check if the database needs to be compiled.

Default: 30

/AutoCompileWaitSeconds

(Optional) After a compilation request is detected, compilation is deferred by this time interval before actually being performed.

Default: 0

/AutoCompileErrorWaitSeconds

(Optional) If an error occurs during compilation, the next compiler run is deferred by this time interval before actually being performed.

Default: 60

-v

(Optional) Provides additional information (verbose).

-? |-h

Display program help.

Example:

DBCompilerCMD.exe

/Conn="Data Source=<Database server>;Initial Catalog=<Database name>;User ID=<Database user>;Password=<Password>"

/Auth="Module=DialogUser;User=<User name>;Password=<Password>"

-W

Quantum.MigratorCmd.exe

The Quantum.MigratorCmd.exe program supports migration of a One Identity Manager database. You can run the program from the command line.

Calling syntax for installation

quantum.migratorcmd.exe

--INSTALL

/Connection="{Connection string}"

/System=MSSQL

/Module={Module IDs}[+]

/Destination="{Directory}"

[/Password={Password}]

[/Admin="mode=create|check|extend;login={SQL Server login name};password={SQL Server login password}"]

[/Login="User=Config|User;login={SQL Server login name};password={SQL Server login password}"]

[/Person="condition={Condition};password={Person password}"]

[/User="DialogUser={System user};password={System user password}"]

[/LogLevel="Off|Fatal|Error|Info|Warn|Debug|Trace"]

[/PreCheck={[+|-] Precheck ID}]

[/Edition]

[/DialogDatabase]

[/Config]

Calling syntax for updating

quantum.migratorcmd.exe

--UPDATE

/Connection="{Connection string}"

/Module={Module IDs}[+]

/destination="{Directory}"

[/Admin="mode=create|check|extend;login={SQL Server login name};password={SQL Server login password}"]

[/Login="User=Config|User;login={SQL Server login name};password={SQL Server login password}"]

[/Person="condition={Condition};password={Person password}"]

[/User="DialogUser={System user};password={System user password}"]

[/Loglevel="Off|Fatal|Error|Info|Warn|Debug|Trace"]

[/PreCheck={[+|-] Precheck ID}]

[/KeepUpdatePhase]

[/DialogDatabase]

[/Config]

Calling syntax for restoring a database

quantum.migratorcmd.exe

--RESTORE

/Connection="{Connection string}"

/Destination="{Directory}"

[/Admin="mode=create|check|extend;login={SQL Server login name};password={SQL Server login password}"]

[/Login="User=Config|User;login={SQL Server login name};password={SQL Server login password}"]

[/Person="condition={Condition};password={Person password}"]

[/User="DialogUser={System user};password={System user password}"]

[/LogLevel="Off|Fatal|Error|Info|Warn|Debug|Trace"]

[/PreCheck={[+|-] Precheck ID}]

[/KeepUpdatePhase]

[/DialogDatabase]

[/Config]

Calling syntax for deleting a database

quantum.migratorcmd.exe

--DELETE

/Connection="{Connection string}"

/Destination="{Directory}"

Calling syntax for passing parameters as a file

quantum.migratorcmd.exe @File

Table 53: Program parameters and options
Parameter or option Description

--Install

Installs new database.

--Update

Updates database.

--Restore

This operation performs the necessary steps to make the database operational, such as initializing the DBQueue Processor or restoring logins. The operation can be performed after a database has been restored from a backup, for example on another server.

--Dump

For internal use only.

--Import

For internal use only.

--Delta

For internal use only.

--Delete

Deletes database including all files and SQL Server logins.

/Clear

For internal use only.

/Format

For internal use only.

/HashSize

For internal use only.

/KeepUpdatePhase

(Optional) If the parameter is set, the update phase is not reset to 0 after migration is complete (DialogDatabase.UpdatePhase).

/LogLevel

(Optional) Scope of output to be processed. Permitted values are:

  • Off: No logging.

  • Fatal: All critical error messages are logged.

  • Error: All error messages are logged.

  • Info: All information is logged.

  • Warn: All warnings are logged.

  • Debug: Debugger outputs are logged. This setting should only be used for testing.

  • Trace: Highly detailed information is logged. This setting should only be used for analysis purposes. The log file quickly becomes large and cumbersome.

/Password

(Optional) Initial password for the viadmin system user when a new database is installed.

/AdminConnection

For internal use only.

/Condition

For internal use only.

/Connection

Database connection parameter. A user with a minimum access level of Administrative user is required.

For more information about permissions, see the One Identity Manager Installation Guide and the One Identity Manager Authorization and Authentication Guide.

Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections.

/From

For internal use only.

/To

For internal use only.

/Destination

Source directory.

/DialogDatabase

Passes information about the database (DialogDatabase table). The value updates the entry for the database in the DialogDatabase table. This allows a new database to immediately create a valid entry in the DialogDatabase table.

Example: "CustomerName=<your name>;ProductionLevel=2"

/Edition

(Optional) Edition to be installed. Permitted values are:

  • DGE: One Identity Manager Data Governance Edition

  • ADS: One Identity Manager Active Directory Editions

  • STE: One Identity Manager Edition

/Admin

(Optional) Mode for creating SQL Server logins if granular permissions are used.

  • mode: Specifies in which mode the SQL Server login is created.

    Permitted values are:

    • create: The SQL Server login does not exist yet and will be created.

    • check: The SQL Server login already exists. This checks the permissions for the SQL Server login. If the necessary permissions are missing, an error message is displayed.

    • extend: The SQL Server login already exists. This extends the permissions for the SQL Server login.

  • login: Name of the SQL Server login.

  • password: Password for the SQL Server login.

Example: Create a new SQL Server login "OneIM_Admin" with password "secret".

/admin="mode=create;Login=OneIM_Admin;Password=secret"

/Login

(Optional) Creates the other SQL Server logins if granular permissions are used. Multiple instances of this parameter are possible.

  • user: Name of the database user according to QBMDBPrincipal.UserName.

    Permitted values are:

    • Config: Configuration user.

    • User: End user.

  • login: Name of the SQL Server login.

  • password: Password for the SQL Server login.

Example: Creating SQL Server logins for configuration users and end users.

/login="User=Config;Login=OneIM_Config;Password=secret"

/login="User=User;Login=OneIM_User;Password=secret"

/Module

Comma-delimited list of module IDs.

For UPDATE operation: If the module ID is followed by a plus sign (+), only this module is updated. If no plus sign is specified, all modules listed are updated.

/ModuleOwner

For internal use only.

/operation

Alternative name of the operation.

Example: /operation=INSTALL

/Person

(Optional) Configuration of an employee's password (Person.DialogUserPassword). Multiple instances of this parameter are possible.

  • condition: A valid SQL condition for the person table.

  • password: Password (plain text or password hash).

Example: Sets the "secret" password for the employee with the internal name "Sys, admin".

/person="Condition=InternalName='Sys, admin'; Password=secret"

/PreCheck

(Optional) Controls the handling of database pre-checks. The input is given as + or - followed by the ID for the pre-check. Multiple instances of this parameter are possible.

  • +ID: The pre-check is repaired. If the pre-check is not repairable, an error message is displayed.

  • -ID: Pre-check is ignored. This only works for optional tests.

    Example: /precheck=-JobqueueEmpty.

The ID can be taken from the PreCheck with ID '{0}' failed! error message.

/System

Database system. Permitted value is MSSQL.

/User

(Optional) Configuration of a system user's password (Person.DialogUserPassword). Multiple instances of this parameter are possible.

  • DialogUser: Name of the system user (DialogUser.UserName).

  • password: Password (plain text or password hash).

/Config

(Optional) Global JSON configuration file for variables.

@file

As an alternative to directly issuing commands, you can name a text file containing the commands. Every command is in a separate line.

-v

(Optional) Provides additional information (verbose).

-? | -h

Display program help.

Example: Installing a database

quantum.migratorcmd.exe

--Install

/connection="Data Source=<Database server>;Initial Catalog=<Database>;User ID=<Database user>;Password=<Password>"

/module="TSB,ATT,CPL,HDS,POL,RMB,RMS,RPS"

/destination="C:\install"

Example: Restoring a database

quantum.migratorcmd.exe

--Restore

/connection="Data Source=<Database server>;Initial Catalog=<Database>;User ID=<Database user>;Password=<Password>"

/destination="C:\install"

/LogLevel=Warn

/precheck=-JobqueueEmpty
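
Added example (not from the One Identity documentation): the @file form described above lets the connection string, with its password, be passed in a file readable only by the current account instead of on the process command line, where process listings and command-line audit logs would record it. The tool path, server name and database name are constructed, and the script assumes that each line of the file uses the same quoting as a command-line argument.

```powershell
# Added example (not One Identity code). Assumed: tool path, server and database
# names, and that @file lines take the same quoting as command-line arguments.
$ErrorActionPreference = 'Stop'

$migrator  = 'C:\install\quantum.migratorcmd.exe'   # assumed location of the tool
$sourceDir = 'C:\install'                            # /destination value used in the examples
$dbServer  = 'sql01.example.local'                   # constructed sample value
$dbName    = 'OneIM'                                 # constructed sample value

# Prompt instead of hard-coding, so no secret lands in the script or shell history.
$cred     = Get-Credential -Message 'SQL Server login (administrative user)'
$login    = $cred.UserName
$password = $cred.GetNetworkCredential().Password

# A ';' or '"' inside a value would split or end the connection string early.
foreach ($value in @($dbServer, $dbName, $login, $password)) {
    if ($value -match '[;"\r\n]') {
        throw 'Connection string values must not contain ; " or line breaks.'
    }
}

# Private working directory for the parameter file.
$workDir   = Join-Path $env:TEMP ([guid]::NewGuid().ToString())
$paramFile = Join-Path $workDir 'migrator.params'
$exitCode  = $null
New-Item -ItemType Directory -Path $workDir | Out-Null

try {
    # Drop inherited ACEs and grant full control to the current account only.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    & icacls.exe $workDir /inheritance:r /grant:r "${me}:(OI)(CI)F" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # One parameter per line, as the @file description requires.
    [string[]]$lines = @(
        '--Restore'
        "/connection=`"Data Source=$dbServer;Initial Catalog=$dbName;User ID=$login;Password=$password`""
        "/destination=`"$sourceDir`""
        '/LogLevel=Warn'
    )
    # WriteAllLines emits UTF-8 without a byte order mark.
    [System.IO.File]::WriteAllLines($paramFile, $lines)

    # Quote the argument: an unquoted @name is PowerShell splatting syntax.
    & $migrator "@$paramFile"
    $exitCode = $LASTEXITCODE
}
finally {
    # Remove the parameter file even if the tool or icacls failed.
    Remove-Item -LiteralPath $workDir -Recurse -Force -ErrorAction SilentlyContinue
    $password = $null
}

Write-Host "quantum.migratorcmd.exe exited with code $exitCode"
```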

AppServer.Installer.CMD.exe

The AppServer.Installer.CMD.exe program supports installing and uninstalling application servers. You can run the program from the command line.

NOTE: Run the installation using the command line console in administrator mode.

Calling syntax for installation

AppServer.Installer.CMD.exe

--conn={Connection string}

--auth={Authentication string}

--appname={Application name}

[--site={site}]

[--app-pool={Application pool}]

[--source-dir={Directory}]

[--deployment-target={Machine role}]

[--allow-http]

[--windows-auth]

[--db-windows-auth]

[--skip-file-permissions]

[--runtime-connection={Connection string}]

[--hdb-connection={History Database ID|Connection string}]

[/updateuser {User name} [/updateuserdomain {Domain}] [/updateuserpassword {Password}]]

[

--cert-mode=existing --cert-thumbprint={Thumbprint}

|

--cert-mode=new --cert-issuer {Issuer} [--cert-key=1024|2048|4096]

|

--cert-mode=newfile --cert-issuer {Issuer} [--cert-key=1024|2048|4096] [--cert-file={Path to certificate file}]

]

[--set-connection]

[--conn-id={History Database ID}]

[--verbose]

Calling syntax for uninstalling

AppServer.Installer.CMD.exe

--conn={Connection string}

--auth={Authentication string}

--appname={Application name}

--uninstall

Table 54: Program parameters and options

Parameter or option

Alternative

Description

--conn

--connection|-c

Database connection parameter. To install an application server, a user with a minimum access level of Configuration user is required.

For more information about permissions, see the One Identity Manager Installation Guide and the One Identity Manager Authorization and Authentication Guide.

Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections.

--auth

--auth-props|-a

Authentication data for the installation. The authentication data depends on the authentication module used.

For more information about authentication modules, see the One Identity Manager Authorization and Authentication Guide.

--appname

 

Application name.

--site

 

(Optional) Website on the Internet Information Services where the application is installed. If the parameter is not set, Default Web Site is used (default).

--app-pool

 

(Optional) Application pool. If this parameter is set, the installation is performed in the specified application pool. If this parameter is not set, a new application pool is installed (default).

--source-dir

-s

(Optional) Installation source. If this parameter is set, the installation is performed from the file system. If this parameter is not set, the installation is performed from the database (default).

--deployment-target

-t

(Optional) Machine role for the installation. This parameter can be used more than once. Alternatively, multiple machine roles can be separated with a pipe (|). If this parameter is not set, the Server | Web | Appserver machine role is used.

--allow-http

 

(Optional) If this parameter is set, HTTP is permitted. If this parameter is not set, HTTPS is used (default).

--windows-auth

-w

(Optional) Type of authentication used for the web application. If this parameter is set, Windows authentication is used. If this parameter is not set, anonymous authentication is used on IIS (default).

--db-windows-auth

 

(Optional) Type of authentication used for the One Identity Manager database. If this parameter is set, Windows authentication is used. If this parameter is not set, the SQL login from the connection parameters is used.

--skip-file-permissions

-f

(Optional) If this parameter is set, no permissions are allocated for the IIS_USRS user. If this parameter is not set, the permissions are allocated for the IIS_USRS user (default).

--runtime-connection

--run-conn

(Optional) Database connection parameters used as authentication for the One Identity Manager database, for example, if the application server is run with the end user access level. If this parameter is not set, the SQL Server login from the connection parameters is used for the installation (default).

--update-user

 

(Optional) User for updating. If no user is given, the same user account is used for the application pool.

--update-user-domain

 

Active Directory domain of the user.

--update-user-password

 

User password.

--cert-mode

 

(Optional) Type of certificate selection. Permitted values are:

  • existing: Uses an existing certificate.

  • new: Uses a new certificate.

  • newfile: Creates a new certificate file. (default)

--cert-thumbprint

 

Thumbprint of the certificate if an existing certificate is used.

--cert-issuer

 

Issuer of the certificate if a new certificate or a new certificate file is created.

Example: "CN=Application Server"

--cert-key

 

Length of the certificate’s key. 1024, 2048 (default), and 4096 are permitted.

--cert-file

 

(Optional) Directory path and name of the certificate file if a new certificate file is created. If this parameter is not set, "App_Data\SessionCertificate.pfx" is used.

--hdb-connection

 

(Optional) History Database connection parameter. This value is a combination of the ID and the connection parameter (pipe (|) delimited).

Example: "<History Database ID>|key1=value1;key2=value2;..."

--set-connection

-S

Changes the connection parameters for an installed application.

--conn-id

 

(Optional) Connection parameter identifier. If this parameter is not set, the application server’s own connection parameters are used.

--uninstall

-R

Removes the application server.

--verbose

-v

(Optional) Provides additional information (verbose).

--help

-h, -?

Display program help.

Parameter formats

Multiple-character options can be given in the following forms:

--conn="..."

--conn "..."

/conn="..."

/conn "..."

Single-character options can be given in the following forms:

-c="..."

-c "..."

/c="..."

/c "..."

Switches are allowed in the forms:

-R

/R

Example: Installing an application server

AppServer.Installer.CMD.exe

--conn="Data Source=<Database server>;Initial Catalog=<Database name>;User ID=<Database user>;Password=<Password>"

--auth="Module=DialogUser;User=<User name>;Password=<Password>"

--appname=MyApplicationServer

--allow-http

Example: Uninstalling an application server

AppServer.Installer.CMD.exe

--conn="Data Source=<Database server>;Initial Catalog=<Database name>;User ID=<Database user>;Password=<Password>"

--auth="Module=DialogUser;User=<User name>;Password=<Password>"

--appname=MyApplicationServer

--uninstall

Example: Changing the connection parameters of the application server

AppServer.Installer.CMD.exe

--set-connection

--appname=MyApplicationServer

--conn="Data Source=<Database server>;Initial Catalog=<Database name>;User ID=<Database user>;Password=<Password>"

Example: Changing the parameters for connecting a History Database

AppServer.Installer.CMD.exe

--set-connection

--appname=MyApplicationServer

--conn-id=<History Database ID>

--conn="Data Source=<Database server>;Initial Catalog=<Database name>;User ID=<Database user>;Password=<Password>"
