-
Title
One Identity Manager Data Governance Edition 6.1.2.1030 Cumulative Hotfix -
Description
About this hotfix
This hotfix addresses error handling and logging issues and provides additional Windows PowerShell® commands to retrieve trustee and account information. The minimum version required for installing this hotfix is One Identity Manager Data Governance Edition 6.1.2.Determining if this hotfix is needed
This hotfix for One Identity Manager Data Governance Edition may receive additional testing. If you are not severely affected by the issues addressed by this hotfix, it is recommended that you wait for the next release of One Identity Manager Data Governance Edition as it will include this hotfix.NOTE: This hotfix contains all resolved issues since the general release of One Identity Manager Data Governance Edition 6.1.2. -
Resolution
Please download One Identity Manager Data Governance Edition 6.1.2.1030 Cumulative Hotfix by Clicking Here.
The following is a list of issues resolved in this hotfix.
NOTE: Not all of the builds mentioned below were public releases; however, you can guarantee that you have the fix if you have a build number greater than or equal to the “Fixed In” build number associated with the Issue ID.
Resolved Issues
Resolved Issue Issue ID Fixed In Improved error handling around database connection validation. 463404 6.1.2.1007 Improved error handling and logging around the Managed Access view in the Manager for an Active Directory account. 458416 6.1.2.1008 Share-based groups are now available in the web portal. 486834 6.1.2.1014 Updated Data Governance log entries to write null values. 487475 6.1.2.1016 Fixed unhandled COMException that occurred when opening the Managed Access view for an orphaned user. 502929 6.1.2.1018 Fixed Resource Access reports that were showing up blank in the Manager when the underlying agent was not in the Data Available state. 509028 6.1.2.1019 New and enhanced Windows PowerShell® commands for retrieving trustee and Active Directory account information. For full parameter details, see the command help, using the Get-Help command.
- Get-QHostsForTrustee
This cmdlet was expanded to include the following optional parameter:- -IncludeIndirectAccess: Include indirect access in the results. If not specified, the results include the managed hosts where the specified account has direct access.
- Get-QADAccount
New cmdlet that retrieves Active Directory objects from One Identity Manager and QAM tables: ADSAccount, ADSGroup, ADSOtherSID, QAMLocalUser, and QAMLocalGroup.
The results can be filtered with optional parameters:- Name: The object name.
- Domain: The object domain.
- Get-QAllTrustees
New cmdlet that retrieves all of the entries from the QAMTrustee table.
The results can be filtered with optional parameters:- TrusteeName: The name of the trustee to be searched.
- Domain: The domain of the trustee to be searched.
- Get-QIndexedTrustees
New cmdlet that retrieves all of the entries from the QAMTrustee table who are also listed within the QAMSecurityIndex table, denoting an indexed trustee.
The results can be filtered with optional parameters:- TrusteeName: The name of the trustee to be searched.
- Domain: The domain of the trustee to be searched.
- Get-QAccountAccess
This cmdlet was expanded to include additional SharePoint resource types.
Valid resource types now include: Files, Folders, Shares, LocalOSRights,AdminRights, ServiceIdentities, SharePointResources, SharePointFarmAdminRights, SharePointWebAppPolicies, and SharePointSiteCollectionAdminRights. - Get-QAccountAccessOnHosts
For a given account (Domain\SAMAccountName), this new cmdlet retrieves the account’s resource access across all available hosts. The data retrieved is in the form of:- RightType: The access right type.
- ItemResourceType: The resource type.
- ResourceURI: The URI of the resource to which the trustee has access.
- TrusteeDisplayName: The display name of the trustee.
- TrusteeSid: The SID of the trustee.
- HostName: The host where the resource resides.
- Rights: The specific access rights assigned.
- AppliesTo: What the rights apply to.
- Inheritance: The inheritance type.
There are several parameters for the Get-QAccountAccessOnHosts cmdlet:- -AccountName: (Mandatory) The account name to perform the access report on.
- -AccountDomain: (Mandatory) The account domain to perform the access report on.
- -ManagedHostList: (Optional) Limits the results to the specified managed hosts. If not specified, all managed hosts are included.
- -ResourceTypes: (Optional) Limits the results to the specified resource types: Files, Folders, Shares, LocalOSRights, AdminRights, SharePoint, SharePointResourceItems, SharePointFarmAdminRights, SharePointWebAppPolicies, and SharePointSiteCollectionAdminRights.
If not specified, all resource types are included. - -UriFilterPattern: (Optional) Limits the results to resources whose URI contain the given string.
- -DirectOnly: (Optional) Switch parameter to exclude indirect access to a resource from the results.
- -OutputDirectory: (Optional) An absolute path to a directory where the results are to be saved. If the directory does not exist, it will be created.
- -VerboseLogging: (Optional) Switch parameter to turn on verbose logging.
592697 6.1.2.1026 New agent deliverables. 6.1.2.1026 Improved error handling around DFS enumeration. 598373 6.1.2.1029 Updated PowerShell help file. 598375 6.1.2.1030 Applicability of this hotfix
Product Name Version One Identity Manager Data Governance Edition 6.1.2 and any hotfix build since Installing this hotfix
NOTE: The following steps are for Data Governance Edition version 6.1.2. If you are upgrading a previous version, refer to the Quest One Identity Manager Data Governance Edition Deployment Guide and follow the steps outlined in Upgrade Quest One Identity Manager Data Governance Edition to Version 6.1 and use the msi provided with this hotfix.
NOTE: If you have the Quest One Identity Manager Data Governance Edition Server Classification Extension installed, uninstall this module before upgrading the Data Governance server, and reinstall it prior to upgrading the Data Governance agents.To install the hotfix
- Run the DataGovernance_ServerComponentInstall_x64.msi (6.1.2.1030) on the computer hosting the Data Governance server.
- Confirm that the Data Governance service is started.
NOTE: No agent upgrade is required.
Verifying successful completion
To determine if this hotfix is installed
- Locate the Quest.Titan.Common.Interfaces.dll in the Data Governance server installation directory
(%ProgramFiles%\Quest Software\Data Governance\Server). - Right-click the .dll and select Properties.
- Open the Details tab to check the File version (6.1.2.1030) of the assembly.
OR
- Open the “Data Governance Service Log.txt” file (which is also located in the Data Governance server
installation directory). - Check for the latest entry with the header “Message: Server startup - Logging file versions”.
You should see file version 6.1.2.1030 listed for many of the files.
Removing this hotfix
To remove this hotfix- Use Add-Remove Programs to remove Quest One Identity Manager Data Governance Server 6.1.2.1030.
- Redeploy an older version of Data Governance Edition if required.
- Get-QHostsForTrustee