Chatta subito con l'assistenza
Chat con il supporto

Identity Manager Data Governance Edition 9.1 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Get-QLogonServiceAccount

Determines if the specified account meets the requirements to be used as a service account in Data Governance Edition.

Note:Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (service accounts). These service accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.

Syntax:

Get-QLogonServiceAccount [-UserName] <String> [-Password] <String> [-DomainId] <String> [<CommonParameters>]

Table 132: Parameters
Parameter Description
UserName

Specify the name of the Active Directory account to be checked.

Password Specify the password associated with the account.
DomainName Specify the name of the domain to be checked to determine if the specified account meets the requirements of a service account.
Examples:
Table 133: Examples
Example Description
Get-QLogonServiceAccount -UserName Administrator -Password myppassword -DomainName mydomain.dge.dev.phx.com Checks the specified account to determine if it meets the requirements to be used as a service account in Data Governance Edition.

Get-QServiceAccounts

Retrieves a list of service accounts registered with the Data Governance server.

Syntax:

Get-QServiceAccounts [-ServiceAccountId] [<String>]] [<CommonParameters>]

Table 134: Parameters
Parameter Description
ServiceAccountId

(Optional) Specify the ID (GUID format) of the service account to be retrieved.

Run the Get-QManagedDomains cmdlet to retrieve a list of managed domains, including the managed domain and service account IDs.

Examples:
Table 135: Examples
Example Description
Get-QServiceAccounts

Retrieves a list of all registered service accounts.

Get-QServiceAccounts -ServiceAccountId 3253af66-c104-4472-b770-c8097b2df6d8 Retrieves information about the specified service account.
Details retrieved:
Table 136: Details retrieved
Detail Description (Associated key or property in QAMServiceAccount table)
ServiceAccountId The value (GUID) assigned to the service account (UID_QAMServiceAccount).
AccountSid The security identifier (SID) assigned to the Active Directory account.
UserDomainName The name of the domain to which the user belongs.
UserName Logon name (pre-Windows 2000) of the Active Directory account (UID_ADSAccount).
UserPrincipalName User principal name (email address) of the service account.
Description The descriptive text entered when the service account was registered with Data Governance Edition.
IsDefaultObjectResolution Indicates whether the account is being used as the Data Governance default account and will be used to connect to Active Directories which do not have explicit service accounts configured.
StatusDetailMessage If applicable, a message about the current state of the data from the agent.
Status The status of the agent.
CanManageDomains

Indicates whether the service account is capable of being impersonated on the Management Server it is being called upon.

NOTE: This is set within the ServiceAccounts InternalService on the Data Governance server. It will be true if impersonation is successful; and false, if impersonation fails.

ServiceAccountName The name of the service account.

Remove-QServiceAccount

Removes a server account from the Data Governance Edition deployment.

Note: Remove any associated managed domains BEFORE removing a service account. Run the Remove-QManagedDomain cmdlet to remove a managed domain from your Data Governance Edition deployment.

Syntax:

Remove-QServiceAccount [-ServiceAccountId] <String> [<CommonParameters>]

Table 137: Parameters
Parameter Description
ServiceAccountId

Specify the ID (GUID format) of the server account to be removed from the list of registered service accounts.

Run the Get-QServiceAccounts cmdlet without any parameters to retrieve a list of registered service accounts, including the assigned service account ID.

Examples:
Table 138: Examples
Example Description

Remove-QServiceAccount -ServiceAccountId b0a0e218-55c1-41d7-9585-bf7578ad1130

Removes the specified service account from the list of service accounts registered for use by Data Governance Edition.

Set-QServiceAccountUpdated

Notifies the Data Governance server that the service account was updated and the server should process it.

Syntax:

Set-QServiceAccountUpdated [-ServiceAccountId] <String> [<CommonParameters>]

Table 139: Parameters
Parameter Description
ServiceAccountId

Specify the id of the service account to be updated.

Run the Get-QManagedDomains and Get-QServiceAccounts cmdlets to retrieve a list of available service accounts and their IDs.

Examples:
Table 140: Examples
Example Description

Set-QServiceAccountUpdated -ServiceAccountId 18CC36D3-81AE-4856-925B-9B1B1E587381

Updates the specified service account.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione