Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (service accounts). These service accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.
The following commands are available to you to manage service accounts.
Use this command | If you want to |
---|---|
Add-QServiceAccount | Register an account as a service account for Data Governance Edition. When you add this service account, it is automatically granted the required Log On as a Service local user right on the Data Governance server. |
Get-QLogonServiceAccount | Determine if the account can be used as a service account. |
Get-QServiceAccounts | View a list of service accounts that have been created for the Data Governance server. |
Remove-QServiceAccount | Remove a service account from the deployment. |
Set-QServiceAccountUpdated | Have the Data Governance server update a service account. |
Registers an account as a service account for Data Governance Edition. When you add this service account, it is automatically granted the required Log On as a Service local user rights on the Data Governance server.
Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (Service Accounts). These Service Accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.
The Service Account performs actions that a local service cannot. For example, a remote agent needs a Service Account to access the files on the managed host it is scanning.
Note: Service Accounts must have administrative privileges in the domains they are registered with. This allows the Data Governance server to elevate its identity to these accounts and perform actions such as agent deployments and Active Directory queries.
Add-QServiceAccount [-AccountDomain] <String> [-AccountName] <String> [-Password] <String> [[-IsDefaultObjectResolution] [<Boolean>]] [<CommonParameters>]
Parameter | Description |
---|---|
AccountDomain | Specify the pre-Windows 2000 name of the account domain. |
AccountName | Specify the logon name (pre-Windows 2000 name) of the account. |
Password | Specify the password associated with the account. |
IsDefaultObjectResolution | (Optional) Specify this parameter to indicate whether the account being registered is to be used as the Data Governance default account. This account will be used to connect to Active Directories which do not have explicit service accounts configured. Valid values are: |
Example | Description |
---|---|
Add-QServiceAccount -AccountDomain "qamauto" -AccountName "administrator" -Password 'Pa$$word' | Adds a service account for the domain "qamauto", with the user name of "administrator" and a password of 'Pa$$word'. |
Determines if the specified account meets the requirements to be used as a service account in Data Governance Edition.
Note: Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (service accounts). These service accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.
Get-QLogonServiceAccount [-UserName] <String> [-Password] <String> [-DomainId] <String> [<CommonParameters>]
Parameter | Description |
---|---|
UserName | Specify the name of the Active Directory account to be checked. |
Password | Specify the password associated with the account. |
DomainName | Specify the name of the domain to be checked to determine if the specified account meets the requirements of a service account. |
Example | Description |
---|---|
Get-QLogonServiceAccount -UserName Administrator -Password myppassword -DomainName mydomain.dge.dev.phx.com | Checks the specified account to determine if it meets the requirements to be used as a service account in Data Governance Edition. |
Retrieves a list of service accounts registered with the Data Governance server.
Get-QServiceAccounts [[-ServiceAccountId] [<String>]] [<CommonParameters>]
Parameter | Description |
---|---|
ServiceAccountId | (Optional) Specify the ID (GUID format) of the service account to be retrieved. |
Example | Description |
---|---|
Get-QServiceAccounts | Retrieves a list of all registered service accounts. |
Get-QServiceAccounts -ServiceAccountId 3253af66-c104-4472-b770-c8097b2df6d8 | Retrieves information about the specified service account. |
Detail | Description (Associated key or property in QAMServiceAccount table) |
---|---|
ServiceAccountId | The value (GUID) assigned to the service account (UID_QAMServiceAccount). |
AccountSid | The security identifier (SID) assigned to the Active Directory account. |
UserDomainName | The name of the domain to which the user belongs. |
UserName | Logon name (pre-Windows 2000) of the Active Directory account (UID_ADSAccount). |
UserPrincipalName | User principal name (email address) of the service account. |
Description | The descriptive text entered when the service account was registered with Data Governance Edition. |
IsDefaultObjectResolution | Indicates whether the account is being used as the Data Governance default account and will be used to connect to Active Directories which do not have explicit service accounts configured. |
StatusDetailMessage | If applicable, a message about the current state of the data from the agent. |
Status | The status of the agent. |
CanManageDomains | Indicates whether the service account is capable of being impersonated on the Management Server it is being called upon. |
ServiceAccountName | The name of the service account. |
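
The cmdlets above used together, as an added example that is not part of the product documentation: it registers a service account without writing the password into a script, then confirms the registration from the Get-QServiceAccounts output. It assumes the Data Governance Edition cmdlets are available in the session and that the returned objects expose the detail names listed above as properties.

```powershell
# Added example, not vendor code.
# Assumption: the Data Governance Edition cmdlets are already loaded in this session.

# Prompt for the account instead of embedding the password in a script file.
$cred = Get-Credential -Message 'Service account to register (DOMAIN\user)'

# GetNetworkCredential() splits DOMAIN\user and exposes the password as a string,
# which is what the -Password <String> parameter of Add-QServiceAccount expects.
$net = $cred.GetNetworkCredential()
if ([string]::IsNullOrEmpty($net.Domain)) {
    throw 'Enter the account as DOMAIN\user using pre-Windows 2000 names.'
}
$user = $net.UserName

try {
    Add-QServiceAccount -AccountDomain $net.Domain `
                        -AccountName   $net.UserName `
                        -Password      $net.Password
}
finally {
    # Drop the references to the credential objects as soon as the call returns.
    Remove-Variable -Name net, cred -ErrorAction SilentlyContinue
}

# Confirm the account is now registered.
# Assumption: property names match the "Detail" column documented above.
$registered = Get-QServiceAccounts | Where-Object { $_.UserName -eq $user }
if (-not $registered) {
    throw "Service account '$user' was not found among the registered service accounts."
}

$registered | Select-Object ServiceAccountId, UserDomainName, UserName,
                            IsDefaultObjectResolution, Status, StatusDetailMessage,
                            CanManageDomains

# Flag accounts the server reports it cannot impersonate.
$registered |
    Where-Object { -not $_.CanManageDomains } |
    ForEach-Object { Write-Warning "CanManageDomains is false for $($_.UserName)" }
```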