Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (service accounts). These service accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.
The following commands are available to you to manage service accounts. For full parameter details and examples, click a command hyperlink in the table or see the command help, using the Get-Help command.
Registers an account as a service account for Data Governance Edition. When you add this service account, it is automatically granted the required Log On as a Service local user rights on the Data Governance server.
The Service Account performs actions that a local service cannot. For example, a remote agent needs a Service Account to access the files on the managed host it is scanning.
Note: Service Accounts must have administrative privileges in the domains they are registered with. This allows the Data Governance server to elevate its identity to these accounts and perform actions such as agent deployments and Active Directory queries.
Syntax:
Add-QServiceAccount [-AccountDomain] <String> [-AccountName] <String> [-Password] <String> [[-IsDefaultObjectResolution] [<Boolean>]] [<CommonParameters>]
Table 127: Parameters
AccountDomain | Specify the pre-Windows 2000 name of the account domain.
AccountName | Specify the logon name (pre-Windows 2000 name) of the account.
Password | Specify the password associated with the account.
IsDefaultObjectResolution | (Optional) Specify this parameter to indicate whether the account being registered is to be used as the Data Governance default account. This account will be used to connect to Active Directories which do not have explicit service accounts configured. Valid values are 0 or $false (the account is not used as the Data Governance default account; this is the default) and 1 or $true (the account is used as the Data Governance default account).
Examples:
Table 128: Examples
Add-QServiceAccount -AccountDomain "qamauto" -AccountName "administrator" -Password 'Pa$$word' | Adds a service account for the domain "qamauto", with the user name of "administrator" and a password of 'Pa$$word'. NOTE: Single quotes are used around the password text because it contains $ characters.
Determines if the specified account meets the requirements to be used as a service account in Data Governance Edition.
Syntax:
Get-QLogonServiceAccount [-UserName] <String> [-Password] <String> [-DomainId] <String> [<CommonParameters>]
Table 129: Parameters
UserName | Specify the name of the Active Directory account to be checked.
Password | Specify the password associated with the account.
DomainName | Specify the name of the domain to be checked to determine if the specified account meets the requirements of a service account.
Examples:
Table 130: Examples
Get-QLogonServiceAccount -UserName Administrator -Password myppassword -DomainName mydomain.dge.dev.phx.com | Checks the specified account to determine if it meets the requirements to be used as a service account in Data Governance Edition.
Retrieves a list of service accounts registered with the Data Governance server.
Syntax:
Get-QServiceAccounts [[-ServiceAccountId] [<String>]] [<CommonParameters>]
Table 131: Parameters
ServiceAccountId | (Optional) Specify the ID (GUID format) of the service account to be retrieved. Run the Get-QManagedDomains cmdlet to retrieve a list of managed domains, including the managed domain and service account IDs.
Examples:
Table 132: Examples
Get-QServiceAccounts | Retrieves a list of all registered service accounts.
Get-QServiceAccounts -ServiceAccountId 3253af66-c104-4472-b770-c8097b2df6d8 | Retrieves information about the specified service account.
Details retrieved:
Table 133: Details retrieved
ServiceAccountId | The value (GUID) assigned to the service account (UID_QAMServiceAccount).
AccountSid | The security identifier (SID) assigned to the Active Directory account.
UserDomainName | The name of the domain to which the user belongs.
UserName | Logon name (pre-Windows 2000) of the Active Directory account (UID_ADSAccount).
UserPrincipalName | User principal name (email address) of the service account.
Description | The descriptive text entered when the service account was registered with Data Governance Edition.
IsDefaultObjectResolution | Indicates whether the account is being used as the Data Governance default account and will be used to connect to Active Directories which do not have explicit service accounts configured.
StatusDetailMessage | If applicable, a message about the current state of the data from the agent.
Status | The status of the agent.
CanManageDomains | Indicates whether the service account is capable of being impersonated on the Management Server it is being called upon. NOTE: This is set within the ServiceAccounts InternalService on the Data Governance server. It is true if impersonation succeeds and false if impersonation fails.
ServiceAccountName | The name of the service account.
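The following is an added example, not vendor code: it registers a service account without typing the password as a command-line literal (as the Add-QServiceAccount example does), then reviews the registered accounts using the fields listed under "Details retrieved". It assumes the Data Governance Edition cmdlets are loaded in the session and that Get-QServiceAccounts returns objects exposing those fields as properties, with CanManageDomains and IsDefaultObjectResolution as Boolean values.

```powershell
# Added example, not vendor code. Assumes the Data Governance Edition
# cmdlets are already loaded in this PowerShell session.

# Prompt for the account so the password is never typed as a literal.
$cred = Get-Credential -Message 'Service account, entered as DOMAIN\user'
if ($cred.UserName -notmatch '^[^\\@]+\\[^\\@]+$') {
    throw 'Enter the account as DOMAIN\user (pre-Windows 2000 names).'
}
$net = $cred.GetNetworkCredential()   # splits DOMAIN\user, exposes .Password

# -Password takes a String, so plaintext is unavoidable at the call itself,
# but passing a property keeps it out of console history and script text.
Add-QServiceAccount -AccountDomain $net.Domain -AccountName $net.UserName `
    -Password $net.Password -IsDefaultObjectResolution $false

# Review what is registered. Assumption: the fields in "Details retrieved"
# are exposed as properties on the returned objects.
$accounts = @(Get-QServiceAccounts)
$accounts |
    Select-Object ServiceAccountId, UserDomainName, UserName,
                  IsDefaultObjectResolution, CanManageDomains |
    Format-Table -AutoSize

# Flag accounts the server cannot impersonate, and the default account,
# which is used for any directory without an explicit service account.
# Assumption: both fields are Boolean values.
$accounts | Where-Object { -not $_.CanManageDomains } | ForEach-Object {
    Write-Warning "Impersonation failed for $($_.UserDomainName)\$($_.UserName)"
}
$accounts | Where-Object { $_.IsDefaultObjectResolution } | ForEach-Object {
    Write-Warning "Default account: $($_.UserDomainName)\$($_.UserName)"
}
```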