Chat now with support
Chat with Support

Identity Manager Data Governance Edition 9.2.1 - Technical Insight Guide

One Identity Manager Data Governance Edition Technical Insight Guide Data Governance Edition network communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition Cloud managed hosts permission level to role mapping QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management

Get-QAccountAliases

Returns the account aliases. This can be used to see the group membership for a specific trustee. For example, if one of these groups (aliases) has access to a resource, the original account will also have this same access.

Syntax:

Get-QAccountAliases [-AccountSid] <String> [-AccountDomain] <String> [<CommonParameters>]

Table 193: Parameters
Parameter Description
AccountSid

Specify the security identifier (SID) of the account.

AccountDomain Specify the name of the domain the account is in.
Examples:
Table 194: Examples
Example Description
Get-QAccountAliases -AccountSid S-1-5-21-3765505745-248418262-535198764-1133 mydomain.dge.dev.hal.com Returns the aliases related to the specified account.
Details retrieved:
Table 195: Details retrieved
Detail Description
Sid The security identifier (SID) assigned to the account aliases.
DomainDnsName The DNS name of the domain where the account is located.
TrusteeType The type of account.

Get-QAccountsForHost

Retrieves all account access for a specific managed host.

Syntax:

Get-QAccountsForHost [-ManagedHostId] <String> [<CommonParameters>]

Table 196: Parameters
Parameter Description
ManagedHostId

Specify the ID (GUID format) of the managed host to be queried.

Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of managed hosts and associated IDs.

Examples:
Table 197: Examples
Example Description
Get-QAccountsForHost -ManagedHostId 5b3e4a3c-9c7b-4da1-b6bc-db552ee51656 Retrieves a list of the accounts related to the specified managed host.
Details retrieved:

For each account that has access to the given host, the following information is returned.

Table 198: Details retrieved
Detail Description
TrusteeName A list of the accounts (trustees) for the managed host.
TrusteeSid The security identifier (SID) assigned to each account (trustee).
TrusteeType

The type of account. For a list of trustee types, see Trustee types

AccessibleHosts

Shows all of the hosts that the account has access to.

This host list also shows for each account that has access to the specified host, what other hosts they have access to.

Get-QADAccount

Retrieves Active Directory objects from One Identity Manager and QAM tables: ADSAccount, ADSGroup, ADSOtherSID, QAMLocalUser, and QAMLocalGroup.

Syntax:

Get-QADAccount [-Name] [<String>]] [-Domain] [<String>]] [<CommonParameters>]

Table 199: Parameters
Parameter Description
Name

(Optional) Specify the name of the Active Directory object to be retrieved.

If this parameter is not specified, all Active Directory objects are retrieved.

Domain

(Optional) Specify the domain to be queried to locate the Active Directory objects.

If this parameter is not specified, all domains are included in the query.

Examples:
Table 200: Examples
Example Description
Get-QADAccount Retrieves information for all Active Directory objects on all domains in your Data Governance Edition deployment.
Get-QADAccount -Name Administrator -Domain MyDomain

Retrieves Active Directory information for account Administrator in domain MyDomain.

Details retrieved:
Table 201: Details retrieved
Detail Description
DomainInfo

DomainInfo is an array that can be expanded to display the following information about the domain the account belongs to:

  • DnsDomainName
  • NetbiosDomainName
  • Type
AccountSid The security identifier (SID) assigned to the Active Directory account.
SamAccountName If available, the login name for the account.
DistinquishedName The distinguished name of the Active Directory account.
Name The display name of the Active Directory account.
AccountType The type of account.
ErrorMessage If available, error messages associated with the Active Directory account.

Get-QGroupMembers

Retrieves a list of all the members of a group, including members of child groups. This helps you assess how a specific account has gained access to a resource.

Syntax:

Get-QGroupMembers [-GroupSid] <String> [[-Domain] [<String>]] [<CommonParameters>]

Table 202: Parameters
Parameter Description
GroupSid Specify the security identifier, in SDDL format, of the group whose membership you are interested in.
Domain

(Optional) Specify the domain containing the group whose membership you are interested in.

NOTE: This value will only be used if the domain is valid and multiple instances of this SID exist (well-known SIDs).

Examples:
Table 203: Examples
Example Description
Get-QGroupMembers -GroupSid S-1-5-500 -Domain vmset6 Gets the group members from the specified domain.
Detailed retrieved:
Table 204: Details retrieved
Detail Description
ResultList

ResultList is an array that can be expanded to show the following information for the members of the given group:

  • ID
  • ParentID
  • DNPrefix
  • SamAccountName
  • SamAccountType
  • RID
  • WellKnown
  • GroupType
  • ObjectClass
  • RedundantBranch
IssueList IssuesList is an array that can be expanded to view any issues encountered.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating