Chat now with support
Chat mit Support

Identity Manager Data Governance Edition 8.1.1 - Technical Insight Guide

Introduction Data Governance Edition Network Communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management


Adds a new domain to the Data Governance Edition deployment.

The Data Governance server constructs an in-memory map of the Active Directory forest and domain structure where it is deployed. Administrators responsible for the Data Governance Edition deployment must register Service Accounts with the system and link them with domains. The link between a Service Account and an Active Directory domain makes it a "managed domain".

Note: Only domains that have been previously synchronized into the One Identity Manager database are available to be managed by Data Governance Edition.


Add-QManagedDomain [-ServiceAccountID] <String> [-DomainName] <String> [<CommonParameters>]

Table 136: Parameters
Parameter Description

Specify the ID (GUID format) of the service account that will manage the domain.

NOTE: Run the Get-QServiceAccounts cmdlet to retrieve a list of all service accounts registered with your Data Governance Edition deployment.

Specify the DNS name of the domain to be added as a managed domain.

Table 137: Examples
Example Description
Add-QManagedDomain -ServiceAccountID 7dd2eb51-e1cb-47f2-8c76-093fd4e0459e -DomainName mydomain.local Adds a new managed domain.


Retrieves information, including the service account and managed domain IDs, for a managed domain from the Data Governance Edition deployment.


Get-QManagedDomains [-ManagedDomainId [<String>]] [<CommonParameters>]

Table 138: Parameters
Parameter Description

(Optional) Specify the ID (GUID format) of the managed domain to be retrieved.

Table 139: Examples
Example Description
Get-QManagedDomains Returns all managed domains in the database.
Get-QManagedDomains -ManagedDomainId 50905871-5379-455d-8b65-c4bd02360bdb Returns information on the specified managed domain.
Details retrieved:
Table 140: Details retrieved
Detail Description (Associated key or property in ADSDomain table)

The value (GUID) assigned to the managed domain. (UID_ADSDomain)


The full DNS name of the managed domain. (ADSDomainName)


The full DNS name of the forest where the domain resides. (UID_ADSForest)

Status The status of the managed host, based on all the agents monitoring the host.
NetbiosName The Netbios name of the managed domain.
DomainSid The security identifier (SID) assigned to the managed domain.
ServiceAccountId The value (GUID) of the service account assigned to the managed domain. (UID_QAMServiceAccount)
AccessGroupSid Deprecated.
ServiceAccountInfo The name of the service account assigned to the managed domain.
DomainControllerName The name of the domain controller hosting the managed domain.
ExtendedRightsCreated Indicates whether extended rights were created by Data Governance Edition in the Active Directory environment.


Removes a managed domain from the Data Governance Edition deployment.

Note: Remove all managed hosts associated with a managed domain BEFORE removing a managed domain. Run the Remove-QManagedHost cmdlet to remove a managed host.


Remove-QManagedDomain [-ManagedDomainId] <String> [<CommonParameters>]

Table 141: Parameters
Parameter Description

Specify the ID (GUID format) of the managed domain to be removed.

NOTE: Run the Get-QManagedDomains cmdlet without any parameters to retrieve a list of managed domains, including the managed domain ID.
Table 142: Examples
Example Description

Remove-QManagedDomain -ManagedDomainId 830b1e48-c682-4d3e-965c-d96ee6db6262

Removes the specified managed domain from Data Governance Edition.

Agent deployment

The following commands are available to you to manage your agent deployment. For full parameter details and examples, click a command hyperlink in the table or see the command help, using the Get-Help command.

Table 143: Agent deployment commands

Use this command

If you want to


View saved events for the specified agent from the One Identity Manager database. You can use this command to output the stored agent messages to the console or a text file to quickly identify issues.

For more information, see Get-QAgentEvents.


View an agent’s activity and performance.

For more information, see Get-QAgentMetrics.


Set the managed paths to be scanned.

NOTE: When you set the managed paths using the cmdlet, existing managed paths are overwritten.

NOTE: This cmdlet does not support setting managed paths for Cloud managed hosts.

For more information, see Set-QAgentConfiguration.


Notify the Data Governance server that an agent has been updated and the server should process it.

For more information, see Set-QAgentStateUpdated.


Upgrade the agents in your deployment.

NOTE: You can identify the agents to upgrade through their agent ID or on a managed host basis.

For more information, see Upgrade-QAgents.

Verwandte Dokumente