Chatee ahora con Soporte
Chat con el soporte

Identity Manager Data Governance Edition 8.1.4 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Get-QAccountsForHost

Retrieves all account access for a specific managed host.

Syntax:

Get-QAccountsForHost [-ManagedHostId] <String> [<CommonParameters>]

Table 190: Parameters
Parameter Description
ManagedHostId

Specify the ID (GUID format) of the managed host to be queried.

Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of managed hosts and associated IDs.

Examples:
Table 191: Examples
Example Description
Get-QAccountsForHost -ManagedHostId 5b3e4a3c-9c7b-4da1-b6bc-db552ee51656 Retrieves a list of the accounts related to the specified managed host.
Details retrieved:

For each account that has access to the given host, the following information is returned.

Table 192: Details retrieved
Detail Description
TrusteeName A list of the accounts (trustees) for the managed host.
TrusteeSid The security identifier (SID) assigned to each account (trustee).
TrusteeType

The type of account. For a list of trustee types, see Trustee types

AccessibleHosts

Shows all of the hosts that the account has access to.

This host list also shows for each account that has access to the specified host, what other hosts they have access to.

Get-QADAccount

Retrieves Active Directory objects from One Identity Manager and QAM tables: ADSAccount, ADSGroup, ADSOtherSID, QAMLocalUser, and QAMLocalGroup.

Syntax:

Get-QADAccount [-Name] [<String>]] [-Domain] [<String>]] [<CommonParameters>]

Table 193: Parameters
Parameter Description
Name

(Optional) Specify the name of the Active Directory object to be retrieved.

If this parameter is not specified, all Active Directory objects are retrieved.

Domain

(Optional) Specify the domain to be queried to locate the Active Directory objects.

If this parameter is not specified, all domains are included in the query.

Examples:
Table 194: Examples
Example Description
Get-QADAccount Retrieves information for all Active Directory objects on all domains in your Data Governance Edition deployment.
Get-QADAccount -Name Administrator -Domain MyDomain

Retrieves Active Directory information for account Administrator in domain MyDomain.

Details retrieved:
Table 195: Details retrieved
Detail Description
DomainInfo

DomainInfo is an array that can be expanded to display the following information about the domain the account belongs to:

  • DnsDomainName
  • NetbiosDomainName
  • Type
AccountSid The security identifier (SID) assigned to the Active Directory account.
SamAccountName If available, the login name for the account.
DistinquishedName The distinguished name of the Active Directory account.
Name The display name of the Active Directory account.
AccountType The type of account.
ErrorMessage If available, error messages associated with the Active Directory account.

Get-QGroupMembers

Retrieves a list of all the members of a group, including members of child groups. This helps you assess how a specific account has gained access to a resource.

Syntax:

Get-QGroupMembers [-GroupSid] <String> [[-Domain] [<String>]] [<CommonParameters>]

Table 196: Parameters
Parameter Description
GroupSid Specify the security identifier, in SDDL format, of the group whose membership you are interested in.
Domain

(Optional) Specify the domain containing the group whose membership you are interested in.

NOTE: This value will only be used if the domain is valid and multiple instances of this SID exist (well-known SIDs).

Examples:
Table 197: Examples
Example Description
Get-QGroupMembers -GroupSid S-1-5-500 -Domain vmset6 Gets the group members from the specified domain.
Detailed retrieved:
Table 198: Details retrieved
Detail Description
ResultList

ResultList is an array that can be expanded to show the following information for the members of the given group:

  • ID
  • ParentID
  • DNPrefix
  • SamAccountName
  • SamAccountType
  • RID
  • WellKnown
  • GroupType
  • ObjectClass
  • RedundantBranch
IssueList IssuesList is an array that can be expanded to view any issues encountered.

Get-QIndexedTrustees

Retrieves all of the entries from the QAMTrustees table who are also listed within the QAMSecurityIndex table, denoting an indexed trustee.

Syntax:

Get-QIndexedTrustees [-TrusteeName [<String>]] [-Domain [<String>]] [<CommonParameters>]

Table 199: Parameters
Parameter Description
TrusteeName

(Optional) Specify the name of the trustee to be searched.

If this parameter is not specified, all indexed trustees are returned.

Domain

(Optional) Specify the domain of the trustee to be searched.

If this parameter is not specified, all domains are queried to locate indexed trustees.

Examples:
Table 200: Examples
Example Description
Get-QIndexedTrustees -TrusteeName Administrator -Domain MyDomain

Retrieves all indexed accounts from the QAMTrustees table where the account name is Administrator and the domain is MyDomain.

Details retrieved:
Table 201: Details retrieved
Detail Description
Sid The security identifier (SID) assigned to the account.
PreWindows2000Name The logon name (Pre-Windows 2000) of the Active Directory account.
Domain The name of the domain where the account resides.
TrusteeType The type of trustee (account).
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación