Chat now with support
Chat mit Support

Identity Manager Data Governance Edition 9.2.1 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Adding the PowerShell snap-ins

Data Governance Edition comes with a Windows PowerShell snap-in for you to use to manage your environment.

If you installed Windows PowerShell on your computer after you installed the Data Governance server, you must register the cmdlets before you can start using them in Windows PowerShell.

To import the Data Governance Edition PowerShell module

  1. Open a Windows PowerShell window and type the following at the Windows PowerShell command prompt:

    Import-Module "<path>"

    Where <path> is the file path for the QAM.Client.PowerShell.dll assembly. By default, the <path> for the Data Governance server machine is "C:\Program Files\One Identity\One Identity Manager\QAM.Client.PowerShell.dll".

  2. To verify that the module was added, type the following at the Windows PowerShell command prompt:

    Get-Module -All

    The registered PowerShell modules are listed.

Note: Run the Set-QServiceConnection command before you can use any of the Data Governance Edition commands.

Adding the module automatically to new sessions

If you do not want to manually add the Data Governance Edition PowerShell module each time you start a new Windows PowerShell session, you can modify the Windows PowerShell profile file so that it is added automatically for you.

To add the Data Governance Edition PowerShell module automatically when you start a new Windows PowerShell session

  • Add the following line to the Windows PowerShell profile file (profile.ps1) file:

    Import-Module "<path>"

    The location of the Windows PowerShell profile file is as follows: WINDOWS\system32\windowspowershell\v1.0

Note: If you get the error message "...profile.ps1 cannot be loaded because the execution of scripts is disabled" the next time you start a new Windows PowerShell session, type the following at the Windows PowerShell command prompt:

Set-ExecutionPolicy RemoteSigned

Then, type the following at the Windows PowerShell command prompt to confirm that the execution policy has been changed:

Get-ExecutionPolicy RemoteSigned

Finding component IDs

Many of the Windows PowerShell commands you can use to manipulate your deployment require that you know the component’s ID.

To determine the managed host, container parent, container, resource node, or agent ID

To determine the service account or managed domain ID

To determine the deployment name

Data Governance Edition deployment

The following commands in the OneIdentity.DataGovernance snap-in can be used to deploy and configure the Data Governance Edition. For full parameter details and examples, click a command hyperlink in the table or see the command help, using the Get-Help command.

Table 106: Data Governance Edition deployment commands

Use this command

If you want to

Get-QDeploymentInfo

View deployment information for your Data Governance server including the deployment name.

For more information, see Get-QDeploymentInfo.

Get-QEncryptionOptions

Retrieve the current encryption options used by One Identity Manager and show whether Data Governance Edition has been configured to use encryption.

For more information, see Get-QEncryptionOptions.

Get-QServerAllLogs

Export all server logs to the designated folder.

For more information, see Get-QServerAllLogs.

Get-ServerVersion

View the version of the currently running Data Governance server.

For more information, see Get-QServerVersion.

Initialize-QDataGovernanceActivity

Initialize a database to store data generated when a managed host has resource activity tracking enabled.

NOTE: This information is required for several reports, including the Resource Activity report.

This is separate from the One Identity Manager database that stores configuration and security information.

For more information, see Initialize-QDataGovernanceActivity.

Initialize-QDataGovernanceServer

Establish the database connection between One Identity Manager and Data Governance Edition. The Data Governance server must be initialized before you can use Data Governance Edition to manage your resources.

For more information, see Initialize-QDataGovernanceServer.

Register-QServiceConnectionPoint

Register service connection points in an Active Directory domain.

NOTE: This can be helpful when the service account registered for a domain does not have sufficient permissions to create a service connection point (SCP).

For more information, see Register-QServiceConnectionPoint.

Remove-QServiceConnectionPoint

Remove the DataGovernance.Server Service Connection Point (SCP) from an Active Directory domain.

NOTE: This cmdlet can be helpful when you want to remove all Data Governance Edition SCPs from a single Data Governance Edition deployment or all deployments. To recreate an SCP which you inadvertently removed, restart your Data Governance service.

For more information, see Remove-QServiceConnectionPoint.

Set-QDeploymentInfo

Change the deployment parameters for the Data Governance server including the deployment name.

NOTE: Changing this value can prevent the Data Governance service from communicating with existing agents. It is not recommended to change the deployment name of an existing server.

For more information, see Set-QDeploymentInfo.

Set-QEncryptionOptions

Encrypt the Data Governance service account.

NOTE: Only use this command if you have enabled encryption for the One Identity Manager database.

For more information, see Set-QEncryptionOptions.

Set-QServiceConnection

Set the server name and port information used by the Data Governance Edition commands to connect to the Data Governance server.

NOTE: You must run this command before you can use any of the Data Governance Edition commands.

For more information, see Set-QServiceConnection.

Get-QDeploymentInfo

Retrieves deployment parameters, including the deployment name, for a Data Governance server.

Syntax:

Get-QDeploymentInfo [<CommonParameters>]

Examples:
Table 107: Examples
Example Description
Get-QDeploymentInfo Returns the current deployment parameters for the Data Governance server.
Details retrieved:
Table 108: Details retrieved
Detail Description
DeploymentId Name assigned to the deployment when the Data Governance server was installed. The default deployment name is "DEFAULT".
RestServicePort Port used by the Data Governance server for HTTP protocol and REST services. Used for communication with PowerShell and One Identity Manager clients and web server.
DatabaseMigrationVersion The module and migration version assigned to the QAM module.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen