Encrypts the Data Governance service account.
Note: Only use this cmdlet if you have enabled encryption for the One Identity Manager database.
Syntax:
Set-QEncryptionOptions [-File] <String> [[-FIPSCompliantRSA] [<SwitchParameter>]] [[-RSA] [<SwitchParameter>]] [<CommonParameters>]
Table 125: Parameters
| File |
Specify the path to the file that contains the encryption key information. |
| FIPSCompliantRSA |
(Optional) Specify this parameter if FIPS compliant algorithm will be used. |
| RSA |
(Optional) Specify this parameter if RSA compliant algorithm will be used. |
Examples:
Table 126: Examples
| Set-QEncryptionOptions -File \\2k8R2DJSQL\C$\key -RSA |
Encrypts the Data Governance service account using RSA compliant algorithm. |
Sets the deployment name, server name and port information used by the Data Governance Edition commands to connect to the Data Governance server.
Note: This cmdlet must run before you can use any of the Data Governance Edition commands.
Syntax:
Set-QServiceConnection [-DeploymentId] [<String>]] [-ServerName [<String>]] [-Port [<String>]] [-Validate [<SwitchParameter>]] [<CommonParameters>]
Table 127: Parameters
| DeploymentId |
(Optional) Specify the deployment name of the Data Governance Edition deployment you wish to connect.
If you are unsure of the deployment name, specify the server name (-ServerName parameter). |
| ServerName |
(Optional) Specify the name of the server to be used by the Data Governance Edition commands. This can be specified in DNS, pre-Windows 2000 or IP address format.
If you are unsure of the server name, specify the deployment name (-DeploymentId parameter). |
| Port |
(Optional) Specify the listening port in the Data Governance Edition service configuration. If this parameter is not specified, the default port (8722) is used.
If you are unsure of the port number, specify the deployment name (-DeploymentId parameter). |
| Validate |
(Optional) Specify this parameter to change the flag that indicates whether to validate the connection. |
Examples:
Table 128: Examples
| Set-QServiceConnection -ServerName qamautomem1 -Port 8722 |
Sets the service connection for a server on the computer named qamautomem1 on port 8722. |
| Set-QServiceConnection -DeploymentId MainDeployment |
Sets the service connection for a server in the MainDeployment deployment. |
Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (service accounts). These service accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.
The following commands are available to you to manage service accounts. For full parameter details and examples, click a command hyperlink in the table or see the command help, using the Get-Help command.
Registers an account as a service account for Data Governance Edition. When you add this service account, it is automatically granted the required Log On as a Service local user rights on the Data Governance server.
Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (Service Accounts). These Service Accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.
The Service Account performs actions that a local service cannot. For example, a remote agent needs a Service Account to access the files on the managed host it is scanning.
Note: Service Accounts must have administrative privileges in the domains they are registered with. This allows the Data Governance server to elevate its identity to these accounts and perform actions such as agent deployments and Active Directory queries.
Syntax:
Add-QServiceAccount [-AccountDomain] <String> [-AccountName] <String> [-Password] <String> [[-IsDefaultObjectResolution] [<Boolean>]] [<CommonParameters>]
Table 130: Parameters
| AccountDomain |
Specify the pre-Windows 2000 name of the account domain. |
| AccountName |
Specify the logon name (pre-Windows 2000 name) of the account. |
| Password |
Specify the password associated with the account. |
| IsDefaultObjectResolution |
(Optional) Specify this parameter to indicate whether the account being registered is to be used as the Data Governance default account. This account will be used to connect to Active Directories which do not have explicit service accounts configured.
Valid values are:
- 0 or $false: The account is not used as the Data Governance default account (default).
- 1 or $true: The account is used as the Data Governance default account.
|
Examples:
Table 131: Examples
| Add-QServiceAccount -AccountDomain "qamauto" -AccountName "administrator" -Password 'Pa$$word' |
Adds a service account for the domain "qamauto", with the user name of "administrator" and a password of 'Pa$$word'.
NOTE: Single quotes are used around the password text because it contains $ characters. |
