SchemaExtensionCmd.exe
The SchemaExtensionCmd.exe program provides support for importing custom schema extensions into a One Identity Manager database.
In databases with a Test environment or Development system staging level, you can use the program to delete custom schema extensions again.
You can run the program from the command line. The program requires a control file (XML file) for the import. To create control files, use the program. For more information, see the One Identity Manager Configuration Guide.
Calling syntax
SchemaExtensionCmd.exe
/Conn="{Connection string}"
/Auth="{Authentication String}"
[/Definition="{Path to import definition file}"]
[-f]
[/LogLevel=Off|Fatal|Error|Info|Warn|Debug|Trace]
Table 59: Program parameters
|
/Conn |
Database connection parameter. Minimum access level Configuration user.
For more information about permissions, see the One Identity Manager Installation Guide and the One Identity Manager Authorization and Authentication Guide.
Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections. |
|
/Auth |
Authentication data. The authentication data depends on the authentication module used. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide. |
| /Definition |
Path to the control file (XML file)
Example:
C:\Path\To\Definition.xml |
| /LogLevel |
(Optional) Scope of output to be processed. Permitted values are:
-
Off: No logging.
-
Fatal: All critical error messages are logged.
-
Error: All error messages are logged.
-
Info: All information is logged.
-
Warn: All warnings are logged.
-
Debug: Debugger outputs are logged. This setting should only be used for testing.
-
Trace: Highly detailed information is logged. This setting should only be used for analysis purposes. The log file quickly becomes large and cumbersome. |
|
-f |
(Optional) If this parameter is set, the system does not wait for DBQueue Processor task processing. This can lead to errors if schema extensions are expected that must previously be generated by the DBQueue Processor. |
|
-? |
Display program help. |
Example:
SchemaExtensionCmd.exe
/Conn="Data Source=<Database server>;Initial Catalog=<Database name>;User ID=<Database user>;Password=<Password>"
/Auth=Module=DialogUserAccountBased
/Definition=CustomExtensions.xml
CryptoConfigCMD.exe
The CryptoConfigCMD.exe program supports encryption and decryption of the One Identity Manager database. You can run the program from the command line.
Calling syntax
CryptoConfigCMD.exe
--conn={Connection string}
--auth={Authentication string}
[--mode=Encrypt|EncryptExisting|Decrypt]
[--private-key= {Path to private key}]
[-y]
Table 60: Program parameters
|
--conn |
--connection|
-c |
Database connection parameter. A user with the minimum permission level Configuration user is required.
For more information about permissions, see the One Identity Manager Installation Guide and the One Identity Manager Authorization and Authentication Guide.
Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections. |
|
--auth |
--auth-props|-a |
Authentication data for the installation. The authentication data depends on the authentication module used.
For more information about authentication modules, see the One Identity Manager Authorization and Authentication Guide. |
|
--mode |
-m |
(Optional) Mode to run. Permitted values are:
-
Encrypt: create a new private key and encrypt the database (default)
-
EncryptExisting: Encrypt the database with an existing key
-
Decrypt: Decrypt the database values. |
|
--private-key |
-p |
Enter the file with the encryption information.
This path must not exist when encrypting a database. The key can be found under this path after the encryption process. This key file must be present when decrypting the database. |
|
-y |
|
(Optional) If the parameter is present, all security queries are answered with Yes. |
|
--verbose |
-v |
Detailed log of exception errors. |
|
--help |
-h, -? |
Display program help. |
Parameter formats
Multiple-character options can be given in the following forms:
--conn="..."
--conn "..."
/conn="..."
/conn "..."
Single-character options can be given in the following forms:
-c="..."
-c "..."
/c="..."
/c "..."
Switches are allowed in the forms:
-R
/R
Example: Encrypt the database with a new key
CryptoConfigCMD.exe
--conn="Data Source=<Database server>;Initial Catalog=<Database name>; User ID=<Database user>; Password=<Password>"
--auth="Module=DialogUser;User=<User name>;Password=<Password>"
--private-key=C:\path\to\private.key
Example: Encrypt the database with an existing key
CryptoConfigCMD.exe
--conn="Data Source=<Database server>;Initial Catalog=<Database name>; User ID=<Database user>; Password=<Password>"
--auth="Module=DialogUser;User=<User name>;Password=<Password>"
--mode=EncryptExisting
Example: Decrypt the database with an existing key
CryptoConfigCMD.exe
--conn="Data Source=<Database server>;Initial Catalog=<Database name>; User ID=<Database user>; Password=<Password>"
--auth="Module=DialogUser;User=<User name>;Password=<Password>"
--mode=Decrypt
--private-key=C:\path\to\private.key
WebDesigner.InstallerCMD.exe
Using the program WebDesigner.InstallerCMD.exe, you can install and uninstall the Web Portal using the command line console.
NOTE: Run the installation using the command line console in administrator mode.
Calling syntax for installation
WebDesigner.InstallerCMD.exe
[/prov {Provider}]
/conn {Connection string}
/authprops {Authentication string}
/appname {Application name}
/site {Site}
[/sourcedir {Directory}]
[/apppool {Application pool}]
[/webproject {Web project}]
[/constauthproj {Subproject name} /constauth {Authentication}]
[/searchserviceurl {url}]
[/applicationtoken {Token}]
[/updateuser {User name} [/updateuserdomain {Domain}]
[/updateuserpassword {Password}]]
[/allowhttp {true|false}]
[-f]
[-w]
Calling syntax for uninstalling
WebDesigner.InstallerCMD.exe
[/prov {Provider}]
/conn {Connection string}
/authprops {Authentication}
/appname {Application name}
[/site {Site}]
-R
Calling syntax for uninstalling earlier Web Portal versions back to and included version 6.x
WebDesigner.InstallerCMD.exe
/appname {Application name}
[/site {Site}]
-R
Table 61: Program parameters
|
/Prov |
(Optional) Database provider – permitted values are VI.DB.ViSqlFactory, VI.DB and QBM.AppServer.Client.ServiceClientFactory, QBM.AppServer.Client. |
|
/Conn |
Database connection parameter.
Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections. |
|
/authprops |
Authentication data. The authentication data depends on the authentication module used. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide. |
|
/appname |
Application name. |
|
/site |
Internet Information Services web page on which to install the application. |
|
/sourcedir |
(Optional) Installation source. If this parameter is set, the installation is performed from the file system. If this parameter is not set, the installation is performed from the database (default). |
|
/apppool |
(Optional) Application pool. If this parameter is set, the installation is performed in the specified application pool. If this parameter is not set, a new application pool is installed (default). |
|
/webproject |
(Optional) Name of the web project. If this parameter is set, the specified web project is installed. If this parameter is not set, the web project VI_StandardWeb is installed (default). |
|
/constauthproj |
Name of the subproject. |
|
/constauth |
Authentication settings of the subproject. |
|
/searchserviceurl |
Application server for search function availability. |
|
/applicationtoken |
Application token for the Password Reset Portal. |
|
/updateuser |
(Optional) User for updating. If no user is given, the same user account is used for the application pool. |
|
/updateuserdomain |
Active Directory domain of the user. |
|
/updateuserpassword |
User password. |
|
/allowhttp |
(Optional) If the parameter is set, HTTP is permitted. If this parameter is not available, HTTPS is used (default). |
|
-w |
(Optional) Type of authentication used for the web application. If this parameter is set, Windows authentication is used. If this parameter is not set, anonymous authentication is used on IIS (default). |
|
-f |
(Optional) If this parameter is set, no permissions are allocated for the IIS_USRS user. If this parameter is not set, the permissions are allocated for the IIS_USRS user (default). |
|
-R |
Removes the web application. |
|
/? |
Displays program help. |
Example: Installation with a direct connection against a SQL Server database.
In this example, the parameters are configured as follows:
-
Connection to database on a SQL Server
-
Installation in the default website
-
Application name testqs
-
Authentication with system user testadmin
-
Application server for the availability of the search function https://dbserver.testdomain.lan/TestAppServer
-
Allow HTTP
WebDesigner.InstallerCMD.exe
/conn "Data Source=dbserver.testdomain.lan;Initial Catalog=IdentityManager;Integrated Security=False;User ID=admin;Password=password"
/site "Default Web Site"
/appname testqs
/authprops "Module=DialogUser;User=testadmin;Password="
/searchserviceurl https://dbserver.testdomain.lan/TestAppserver
/allowhttp true
Example: Installation with a direct connection to an application server
In this example, the parameters are configured as follows:
-
Connection to application
-
Installation in the default website
-
Application name testviaappserver
-
With Windows authentication as web authentication
-
User for the updating User1 with the domain MyDomain.lan
WebDesigner.InstallerCMD.exe
/prov "QBM.AppServer.Client.ServiceClientFactory, QBM.AppServer.Client"
/conn "URL=https://test.lan/IdentityManagerAppServer/"
/site "Default Web Site"
/appname testviaappserver
/authprops "Module=DialogUser;User=testadmin;Password="
-w
/updateuser User1
/updateuserdomain MyDomain.lan
/updateuserpassword topsecret
Example: Uninstalling the web application with a connection against an application server
WebDesigner.InstallerCMD.exe
/prov "QBM.AppServer.Client.ServiceClientFactory, QBM.AppServer.Client"
/conn "URL=https://test.lan/IdentityManagerAppServer/"
/appname testviaappserver
/authprops "Module=DialogUser;User=testadmin;Password="
-R
Example: Processing of authentication settings for a subproject
WebDesigner.ConfigFileEditor.exe
-constAuth ../web.config "test_UserRegistration_Web" "Module=DynamicPerson;User[test_USER]=xyz;(Password)Password[test_Password]=xyz;(Hidden)IgnoreMasterIdentities=;(Hidden)Product=Manager"
VI.WebDesigner.CompilerCmd.exe
With the program VI.WebDesigner.CompilerCmd.exe, you can compile the Web Portal using the command line console.
NOTE: Unlike the default settings in the Web Designer, subprojects are not compiled at the same time. This means that when the VI_StandardWeb is compiled, the dI_UserRegistration_Web is not also compiled at the same time.
Calling syntax
VI.WebDesigner.CompilerCmd.exe
/conn {Connection string}
/dialog {Authentication string}
/project {path}
[/solution {path}]
[/mode {mode}]
[-E]
[-D]
[-R]
[/csharpout {folder}]
Table 62: Program parameters
|
/Conn |
Database connection parameter.
Alternatively, you can enter the name of the connection according to the registry HKEY_CURRENT_USER\Software\One Identity\One Identity Manager\Global\Connections. |
|
/dialog |
Authentication data. The authentication data depends on the authentication module used. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide. |
|
/project |
Name of the web project. |
|
/solution |
(Optional) This parameter specifies the Web Designer solution file to be used. If this parameter is not available, a database project is used. |
|
/mode |
(Optional) This parameter enables you to specify a compilation mode. Permitted values are:
-
normal : Full compilation (default mode)
-
nostore : No assemblies saved to the database.
-
nocompile : C# code generation runs, but without compilation.
-
nocodegen : Only Web Designer compilation, no C# code generation. |
|
-E |
(Optional) This parameter activates the detailed check.
For more information about detailed checks, see the One Identity Manager Web Designer Reference Guide. |
|
-D |
(Optional) This parameter activates the debug compilation. |
|
-R |
(Optional) This parameter activates the generation of a stable C# text. This setting prevents use of certain random values. |
|
/csharpout {folder} |
(Optional) This parameter contains the target directory for C# text. |
|
/help |
Displays program help. |
Example: Release compilation of the VI_StandardWeb
VI.WebDesigner.CompilerCmd.exe
/conn "Data Source=<Database server>;Initial Catalog=<Database name>; User ID=<Database user>; Password=<Password>"
/dialog "Module=DialogUser;User=<User name>;Password=<Password>"
/project VI_StandardWeb
Example: Debug compilation of the VI_User_Registration_Web
VI.WebDesigner.CompilerCmd.exe
/conn "Data Source=<Database server>;Initial Catalog=<Database name>; User ID=<Database user>; Password=<Password>"
/dialog "Module=DialogUser;User=<User name>;Password=<Password>"
/project VI_UserRegistration_Web
-D
