Chat now with support
Chat with Support

Identity Manager Data Governance Edition 9.2.1 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Managed domain deployment

Before you can gather information on the data in your enterprise, you must specify the domain that contains the computers and data that you want to manage. Then assign the service account to access the resources within them.

The following commands are available to you to deploy managed domains. For full parameter details and examples, click a command hyperlink in the table or see the command help, using the Get-Help command.

Table 141: Managed domain deployment commands

Use this command

If you want to

Add-QManagedDomain

Add a new domain to the Data Governance Edition deployment.

For more information, see Add-QManagedDomain.

Get-QManagedDomains

View the list of managed domains in a deployment.

NOTE: You can optionally specify a managed domain ID if you are only interested in a particular domain.

For more information, see Get-QManagedDomains.

Remove-QManagedDomain

Remove a managed domain from your deployment.

For more information, see Remove-QManagedDomain.

Add-QManagedDomain

Adds a new domain to the Data Governance Edition deployment.

The Data Governance server constructs an in-memory map of the Active Directory forest and domain structure where it is deployed. Administrators responsible for the Data Governance Edition deployment must register Service Accounts with the system and link them with domains. The link between a Service Account and an Active Directory domain makes it a "managed domain".

Note: Only domains that have been previously synchronized into the One Identity Manager database are available to be managed by Data Governance Edition.

Syntax:

Add-QManagedDomain [-ServiceAccountID] <String> [-DomainName] <String> [<CommonParameters>]

Table 142: Parameters
Parameter Description
ServiceAccountID

Specify the ID (GUID format) of the service account that will manage the domain.

Run the Get-QServiceAccounts cmdlet to retrieve a list of all service accounts registered with your Data Governance Edition deployment.

DomainName

Specify the DNS name of the domain to be added as a managed domain.

Examples:
Table 143: Examples
Example Description
Add-QManagedDomain -ServiceAccountID 7dd2eb51-e1cb-47f2-8c76-093fd4e0459e -DomainName mydomain.local Adds a new managed domain.

Get-QManagedDomains

Retrieves information, including the service account and managed domain IDs, for a managed domain from the Data Governance Edition deployment.

Syntax:

Get-QManagedDomains [-ManagedDomainId [<String>]] [<CommonParameters>]

Table 144: Parameters
Parameter Description
ManagedDomainId

(Optional) Specify the ID (GUID format) of the managed domain to be retrieved.

Examples:
Table 145: Examples
Example Description
Get-QManagedDomains Returns all managed domains in the database.
Get-QManagedDomains -ManagedDomainId 50905871-5379-455d-8b65-c4bd02360bdb Returns information on the specified managed domain.
Details retrieved:
Table 146: Details retrieved
Detail Description (Associated key or property in ADSDomain table)
ManagedDomainID

The value (GUID) assigned to the managed domain. (UID_ADSDomain)

DomainDnsName

The full DNS name of the managed domain. (ADSDomainName)

ForestDnsName

The full DNS name of the forest where the domain resides. (UID_ADSForest)

Status The status of the managed host, based on all the agents monitoring the host.
NetbiosName The Netbios name of the managed domain.
DomainSid The security identifier (SID) assigned to the managed domain.
ServiceAccountId The value (GUID) of the service account assigned to the managed domain. (UID_QAMServiceAccount)
AccessGroupSid Deprecated.
ServiceAccountInfo The name of the service account assigned to the managed domain.
DomainControllerName The name of the domain controller hosting the managed domain.
ExtendedRightsCreated Indicates whether extended rights were created by Data Governance Edition in the Active Directory environment.

Remove-QManagedDomain

Removes a managed domain from the Data Governance Edition deployment.

Note: Remove all managed hosts associated with a managed domain BEFORE removing a managed domain. Run the Remove-QManagedHost cmdlet to remove a managed host.

Syntax:

Remove-QManagedDomain [-ManagedDomainId] <String> [<CommonParameters>]

Table 147: Parameters
Parameter Description
ManagedDomainId

Specify the ID (GUID format) of the managed domain to be removed.

Run the Get-QManagedDomains cmdlet without any parameters to retrieve a list of managed domains, including the managed domain ID.

Examples:
Table 148: Examples
Example Description

Remove-QManagedDomain -ManagedDomainId 830b1e48-c682-4d3e-965c-d96ee6db6262

Removes the specified managed domain from Data Governance Edition.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating