Identity Manager Data Governance Edition 9.2.1 - Technical Insight Guide


Set-QEncryptionOptions

Encrypts the Data Governance service account.

Note: Only use this cmdlet if you have enabled encryption for the One Identity Manager database.

Syntax:

Set-QEncryptionOptions [-File] <String> [[-FIPSCompliantRSA] [<SwitchParameter>]] [[-RSA] [<SwitchParameter>]] [<CommonParameters>]

Table 125: Parameters
Parameter Description
File

Specify the path to the file that contains the encryption key information.

FIPSCompliantRSA

(Optional) Specify this parameter if a FIPS-compliant algorithm will be used.

RSA

(Optional) Specify this parameter if an RSA-compliant algorithm will be used.

Examples:
Table 126: Examples
Example Description
Set-QEncryptionOptions -File \\2k8R2DJSQL\C$\key -RSA

Encrypts the Data Governance service account using an RSA-compliant algorithm.

Set-QServiceConnection

Sets the deployment name, server name and port information used by the Data Governance Edition commands to connect to the Data Governance server.

Note: This cmdlet must run before you can use any of the Data Governance Edition commands.

Syntax:

Set-QServiceConnection [[-DeploymentId] [<String>]] [-ServerName [<String>]] [-Port [<String>]] [-Validate [<SwitchParameter>]] [<CommonParameters>]

Table 127: Parameters
Parameter Description
DeploymentId

(Optional) Specify the deployment name of the Data Governance Edition deployment you wish to connect.

If you are unsure of the deployment name, specify the server name (-ServerName parameter).

ServerName

(Optional) Specify the name of the server to be used by the Data Governance Edition commands. This can be specified in DNS, pre-Windows 2000 or IP address format.

If you are unsure of the server name, specify the deployment name (-DeploymentId parameter).

Port

(Optional) Specify the listening port in the Data Governance Edition service configuration. If this parameter is not specified, the default port (8722) is used.

If you are unsure of the port number, specify the deployment name (-DeploymentId parameter).

Validate

(Optional) Specify this parameter to change the flag that indicates whether to validate the connection.

Examples:
Table 128: Examples
Example Description
Set-QServiceConnection -ServerName qamautomem1 -Port 8722

Sets the service connection for a server on the computer named qamautomem1 on port 8722.

Set-QServiceConnection -DeploymentId MainDeployment

Sets the service connection for a server in the MainDeployment deployment.

Service account management

Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (service accounts). These service accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.

The following commands are available to you to manage service accounts. For full parameter details and examples, click a command hyperlink in the table or see the command help, using the Get-Help command.

Table 129: Service account management commands

Use this command

If you want to

Add-QServiceAccount

Register an account as a service account for Data Governance Edition. When you add this service account, it is automatically granted the required Log On as a Service local user right on the Data Governance server.

For more information, see Add-QServiceAccount.

Get-QLogonServiceAccount

Determine if the account can be used as a service account.

For more information, see Get-QLogonServiceAccount.

Get-QServiceAccounts

View a list of service accounts that have been created for the Data Governance server.

NOTE: You can optionally specify a service account id if you are only interested in a particular service account.

For more information, see Get-QServiceAccounts.

Remove-QServiceAccount

Remove a service account from the deployment.

NOTE: Remove any associated managed domains BEFORE removing a service account.

For more information, see Remove-QServiceAccount.

Set-QServiceAccountUpdated

Have the Data Governance server update a service account.

For more information, see Set-QServiceAccountUpdated.

Add-QServiceAccount

Registers an account as a service account for Data Governance Edition. When you add this service account, it is automatically granted the required Log On as a Service local user right on the Data Governance server.

Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (Service Accounts). These Service Accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.

The Service Account performs actions that a local service cannot. For example, a remote agent needs a Service Account to access the files on the managed host it is scanning.

Note: Service Accounts must have administrative privileges in the domains they are registered with. This allows the Data Governance server to elevate its identity to these accounts and perform actions such as agent deployments and Active Directory queries.

Syntax:

Add-QServiceAccount [-AccountDomain] <String> [-AccountName] <String> [-Password] <String> [[-IsDefaultObjectResolution] [<Boolean>]] [<CommonParameters>]

Table 130: Parameters
Parameter Description
AccountDomain

Specify the pre-Windows 2000 name of the account domain.

AccountName

Specify the logon name (pre-Windows 2000 name) of the account.

Password

Specify the password associated with the account.

IsDefaultObjectResolution

(Optional) Specify this parameter to indicate whether the account being registered is to be used as the Data Governance default account. This account will be used to connect to Active Directories which do not have explicit service accounts configured.

Valid values are:

  • 0 or $false: The account is not used as the Data Governance default account (default).
  • 1 or $true: The account is used as the Data Governance default account.

Examples:
Table 131: Examples
Example Description
Add-QServiceAccount -AccountDomain "qamauto" -AccountName "administrator" -Password 'Pa$$word'

Adds a service account for the domain "qamauto", with the user name of "administrator" and a password of 'Pa$$word'.

NOTE: Single quotes are used around the password text because it contains $ characters.
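
The example above passes the password as a literal on the command line. The following variant is an added example, not part of the vendor guide: it prompts for the credential so the literal never lands in command history or in a saved script. It assumes the Data Governance Edition snap-ins are already loaded in the session and reuses the guide's sample server name qamautomem1.

```powershell
# Added example, not from the vendor guide. Assumes the Data Governance Edition
# snap-ins are already loaded in this session.

# Connect first: Set-QServiceConnection must run before any other command.
Set-QServiceConnection -ServerName 'qamautomem1' -Port 8722

# Prompt for the account so the password is never typed as a literal into the
# console (PSReadLine history) or stored in a script file.
$cred = Get-Credential -Message 'Service account as DOMAIN\user (pre-Windows 2000 names)'

# Split DOMAIN\user into the two values Add-QServiceAccount expects.
$domain, $name = $cred.UserName -split '\\', 2
if (-not $name) { throw 'Enter the account as DOMAIN\user.' }

# -Password is a plain String, so the SecureString is decrypted only for the call.
$plain = $cred.GetNetworkCredential().Password
try {
    Add-QServiceAccount -AccountDomain $domain -AccountName $name -Password $plain
}
finally {
    # Drop the plaintext reference as soon as the call returns.
    Remove-Variable plain -ErrorAction SilentlyContinue
}

# Confirm the registration by listing the service accounts on the server.
Get-QServiceAccounts
```

Because -Password is a String, the value is still bound in clear text and can be captured wherever PowerShell parameter bindings are logged (module logging, for example), so restrict access to those logs.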
