Data Governance Edition deployment
The following commands in the OneIdentity.DataGovernance snap-in can be used to deploy and configure the Data Governance Edition. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.
Table 77: Data Governance Edition deployment commands
|
Get-QDeploymentInfo |
View deployment information for your Data Governance server including the deployment name. |
|
Get-QEncryptionOptions |
Retrieve the current encryption options used by One Identity Manager and show whether Data Governance Edition has been configured to use encryption. |
|
Get-QServerAllLogs |
Export all server logs to the designated folder. |
|
Get-ServerVersion |
View the version of the currently running Data Governance server. |
|
Initialize-QDataGovernanceActivity |
Initialize a database to store data generated when a managed host has resource activity tracking enabled.
NOTE: This information is required for several reports, including the Resource Activity report.
This is separate from the One Identity Manager database that stores configuration and security information. |
|
Initialize-QDataGovernanceServer |
Establish the database connection between One Identity Manager and Data Governance Edition. The Data Governance server must be initialized before you can use Data Governance Edition to manage your resources. |
|
Register-QServiceConnectionPoint |
Register service connection points in an Active Directory domain.
NOTE: This can be helpful when the service account registered for a domain does not have sufficient permissions to create a service connection point (SCP). |
|
Remove-QServiceConnectionPoint |
Remove the DataGovernance.Server Service Connection Point (SCP) from an Active Directory domain.
NOTE: This cmdlet can be helpful when you want to remove all Data Governance Edition SCPs from a single Data Governance Edition deployment or all deployments. To recreate an SCP which you inadvertently removed, restart your Data Governance service. |
|
Set-QDeploymentInfo |
Change the deployment parameters for the Data Governance server including the deployment name.
NOTE: Changing this value can prevent the Data Governance service from communicating with existing agents. It is not recommended to change the deployment name of an existing server. |
|
Set-QEncryptionOptions |
Encrypt the Data Governance service account.
NOTE: Only use this command if you have enabled encryption for the One Identity Manager database. |
|
Set-QServiceConnection |
Set the server name and port information used by the Data Governance Edition commands to connect to the Data Governance server.
NOTE: You must run this command before you can use any of the Data Governance Edition commands. |
Service account management
Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (service accounts). These service accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.
The following commands are available to you to manage service accounts. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.
Table 78: Service account management commands
|
Add-QServiceAccount |
Register an account as a service account for Data Governance Edition. When you add this service account, it is automatically granted the required Log On as a Service local user right on the Data Governance server. |
|
Get-QLogonServiceAccount |
Determine if the account can be used as a service account. |
|
Get-QServiceAccounts |
View a list of service accounts that have been created for the Data Governance server.
NOTE: You can optionally specify a service account id if you are only interested in a particular service account. |
|
Remove-QServiceAccount |
Remove a service account from the deployment.
NOTE: Remove any associated managed domains BEFORE removing a service account. |
|
Set-QServiceAccountUpdated |
Have the Data Governance server update a service account. |
Managed domain deployment
Before you can gather information on the data in your enterprise, you must specify the domain that contains the computers and data that you want to manage. Then assign the service account to access the resources within them.
The following commands are available to you to deploy managed domains. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.
Table 79: Managed domain deployment commands
|
Add-QManagedDomain |
Add a new domain to the Data Governance Edition deployment. |
|
Get-QManagedDomains |
View the list of managed domains in a deployment.
NOTE: You can optionally specify a managed domain ID if you are only interested in a particular domain. |
|
Remove-QManagedDomain |
Remove a managed domain from your deployment. |
Agent deployment
The following commands are available to you to manage your agent deployment. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.
Table 80: Agent deployment commands
|
Get-QAgentEvents |
View saved events for the specified agent from the One Identity Manager database. You can use this command to output the stored agent messages to the console or a text file to quickly identify issues. |
|
Get-QAgentMetrics |
View an agent’s activity and performance. |
|
Set-QAgentConfiguration |
Set the managed paths to be scanned.
NOTE: When you set the managed paths using the cmdlet, existing managed paths are overwritten.
NOTE: This cmdlet does not support setting managed paths for Cloud managed hosts. |
|
Set-QAgentStateUpdated |
Notify the Data Governance server that an agent has been updated and the server should process it. |
|
Upgrade-QAgents |
Upgrade the agents in your deployment.
NOTE: You can identify the agents to upgrade through their agent ID or on a managed host basis. |
