Chat now with support
Chat with Support

Identity Manager Data Governance Edition 8.0 - Technical Insight Guide

Introduction Data Governance Edition Network Communications Data Governance service Data Governance agents Resource activity collection in Data Governance Edition QAM module tables Configurable configuration file settings
Data Governance service configuration file settings Data Governance agent configuration file settings
Configurable registry settings PowerShell commands
Adding the PowerShell snap-ins Finding component IDs Data Governance Edition deployment Service account management Managed domain deployment Agent deployment Managed host deployment Account access management Resource access management Governed data management Classification management
About us

Get-QHostsForTrustee

Returns a selected user or group's access on all managed hosts in your environment.

Syntax:

Get-QHostsForTrustee [-TrusteeSid] <String> [-IncludeIndirectAccess] [<SwitchParameter>]] [<CommonParameters>]

Table 159: Parameters
Parameter Description
TrusteeSid Specify the security identifier (SID) of the account (trustee) whose access you are interested in.
IncludeIndirectAccess

(Optional) Specify this parameter if you want to include indirect access in the results.

If this parameter is not specified, the results only includes the managed hosts where the specified account has direct access.

Examples:
Table 160: Examples
Example Description
Get-QHostsForTrustee -TrusteeSid S-1-5-21-3765505745-248418262-535198764-500 Returns a list of the managed hosts where the specified account has direct access.
Details retrieved:
Table 161: Details retrieved
Detail Description
HostName The name of the host to which the account has access.
HostDomainName The full domain name of the domain to which the managed host computer belongs.
ManagedHostId The value (GUID) assigned to the managed host computer.
ResourceType The type of resource to which the account has access.
ViaAccount For indirect access, the name of the account through which access is being granted.

Get-QManagedHosts

Retrieves a list of managed hosts currently registered with the Data Governance server.

Syntax:

Get-QManagedHosts [-HostName [<String>]] [-ManagedHostId [<String>]] [<CommonParameters>]

Table 162: Parameters
Parameter Description
HostName (Optional) Specify the pre-Windows 2000 name for the host to be retrieved.
ManagedHostId

(Optional) Specify the ID (GUID format) of the managed host to be retrieved.

NOTE: Run this cmdlet without any parameters to retrieve a list of available managed hosts and their IDs.
Examples:
Table 163: Examples
Example Description
Get-QManagedHosts Retrieves a list of all the managed hosts for a given Data Governance Edition deployment.
Get-QManagedHosts -HostName QAMAUTOMEM2 Retrieves the details for the selected managed host.
Details retrieved:
Table 164: Details retrieved
Detail Description (Associated key or property in QAMManagedHosts table)
Agents

The name and ID (GUID) of agents installed on the managed host.

Agents is an array that can be expanded to display the following details about each agent:

  • Id
  • ManagedHostId
  • Management
  • AgentComputer
  • AgentComputerDnsName
  • AgentComputerActiveDirectorySid
  • AgentComputerManagedDomainId
  • AgentDetails
  • UserNotes
  • PublicKey
  • ServiceAccountId
  • IsPrimaryAgent
  • ConfigurationSettings - this is an array that can be expanded to display the individual configuration settings for the agent.
  • ScannerStates
  • LastDugUpdateTimestamp
  • BelongsToAnotherDeployment
ManagedHostId The value (GUID) assigned to the managed host computer (ManagedHostId).
ManagedHostSid The security identifier (SID) assigned to the managed host computer (ManagedHostSid).
ComputerSamSid Deprecated.
ManagedDomainId The value (GUID) assigned to the managed domain in which the managed host belongs (ManagedDomainId).
HostName The name of the host (HostName).
DfsRoot For DFS managed hosts, the value (GUID) assigned to the dfs root to be scanned (DfsRoot).
SamAccountName The login name for the managed host computer (SAMAccountName).
HostDnsName The full DNS name of the managed host computer (HostDnsName).
HostDomainName The full domain name of the domain to which the managed host computer belongs (HostDomainName).
SiteName If available, the name of the site to which the managed host belongs.
HostType

The physical configuration of the host (HostType).

Management

Indicates whether the host is managed by a local or remote agent (Management):

  • Local
  • Remote
Features

The features that a given managed host supports and will allow, such as SecurityIndex and ResourceManagement.

Status The status of the managed host, based on all the agents monitoring the host.
Internal Status The status of the managed host, based on all the agents monitoring the host.
ResourceNodeId

The ID used to link the managed host back to the activity database (ResourceNodeId).

NOTE: The ResourceNodeId is used in the Clear-QResourceActivity cmdlet.
Keywords Optional keywords entered when the managed host was added to Data Governance Edition (Keywords).
HostContainerId Deprecated.
SharePointFarmId For SharePoint managed hosts, the value (GUID) assigned to the SharePoint farm to be scanned (SharePointFarmId).
SharePointFarmObjectGuid For SharePoint managed hosts, the value (GUID) assigned to the SharePoint object to be scanned (SharePointFarmObjectGuid).
IsManagedResourceHost

Indicates whether this managed host can be used to host managed resources (for example, file shares created through the IT Shop self-service request functionality):

  • False: Can not host a managed resource.
  • True: Can host a managed resource.
ApiUserName

The user account used to connect to the target NAS storage device.

NOTE: Only applies to NFS managed hosts and NetApp OnTap Cluster Mode CIFS managed hosts.
ApiPortNumber

The destination port used for communication between the agent and the target NAS storage device.

NOTE: Only applies to NFS managed hosts and NetApp OnTap Cluster Mode CIFS managed hosts.
ResourceActivityTrackingSupported

Indicates whether resource activity collection is enabled.

IsNfsHost

Indicates whether this is an NFS managed host.

IsEmcHost

Indicates whether this is an EMC managed host.

IsNetAppHost

Indicates whether this is a NetApp managed host.

Remove-QManagedHost

Removes a managed host from the list of registered managed hosts.

Note: When unregistered, any agent instances associated with the managed host are also removed. If a computer no longer hosts any agent instances, the Data Governance agent software is also removed.

Syntax:

Remove-QManagedHost [-ManagedHostIds] <String[]> [[-DeleteDuGFirst] [<SwitchParameter>]] [[-SkipAgentUninstall] [<SwitchParameter>]] [<CommonParameters>]

Table 165: Parameters
Parameter Description
ManagedHostIds

Specify one or managed hosts to be deleted. If you specify multiple managed host ids, separate then with commas.

NOTE: Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of available managed hosts and their IDs.
DeleteDuGFirst (Optional) Specify this parameter if you want to remove the entry in the QAMDuG table prior to removing the specified managed hosts.
SkipAgentUninstall (Optional) Specify this parameter if you want to force the removal of the managed host from the One Identity Manager database, without uninstalling the managed host's agent.

If this parameter is not specified, the agent will be removed as part of the host removal process.

Examples:
Table 166: Examples
Example Description
Remove-QManagedHost -ManagedHostIds A293B96E-9620-4879-8FC7-FB3393E72768 Removes a single managed host from the Data Governance Edition deployment.
Remove-QManagedHost -ManagedHostIds 29F1D9AD-C87A-4F82-830C-0A7CD1088D84,E4A0B8B8-F021-4509-9648-B4C313E542C0 Removes two managed hosts from the Data Governance Edition deployment.

Set-QManagedHostProperties

Changes the properties of a managed host.

Syntax:

Set-QManagedHostProperties [-ManagedHostId] <String> [[-Keyword] [<String>]] [[-ResourceActivityEnabled] [<Boolean>]] [[-Granularity] [<Int32>]] [[-ScheduleType] [QAM.Common.Interfaces.ScheduleConfiguration+ScanScheduleTupe>]] [[-ScheduledDays] [<Int32>]] [[-ScheduledTime] [<TimeSpan>]] [[-ScanInterval] [<TimeSpan>]] [[-EnableRemoteFileSystemChangeWatching] [<Boolean>]] [[-PerformImmediateScanOnWatchError] [<Boolean>]] [[-OverrideScanScheduleOnStartup] [<Boolean>]] [[-SupressHostProcess] [<SwitchParameter>]] [-IsManagedResourceHost [<Boolean>]] [<CommonParameters>]

Table 167: Parameters
Parameter Description
ManagedHostId Specify the ID (GUID format) of the managed host whose properties are to be updated.
Keyword (Optional) Specify a keyword which can then be displayed and used to group your managed host on the Managed hosts view in the Manager.
ResourceActivityEnabled

(Optional) Set this flag to enable resource activity collection. For example:

-ResourceActivityEnabled 1

Granularity

(Optional) Specify how often (in minutes) you would like to synchronize and aggregate the data. That is, this is the amount of time the agent is to record new activity before sending results to the Data Governance server. The value entered will be changed to a valid aggregation interval, as follows:

  • Values less than 10 minutes will be set to 5 minutes.
  • Values between 10 minutes and 2 hours will be set to 1 hour.
  • Values between 2 hours and 15 hours will be set to 8 hours.
  • Values greater than 15 hours will be set to 1 day.

NOTE: Identical activity generated during this time will be recorded as one activity.
ScheduleType

Specifies the time and frequency with which the agent scans the target computer. Valid values are:

  • DayOfWeek: Use to specify a daily scan schedule. If you specify this value, you must also specify the ScheduledDays and ScheduledTime parameters.
  • Interval: Use to scan the target computer on an hourly interval instead of a daily schedule. If you specify this value, you must also specify the ScanInterval parameter.

NOTE: This parameter is required for remotely scanned managed hosts.
ScheduledDays

If the ScheduleType is set to "DayOfWeek", specify the days you would like the agent to scan the managed host.

The syntax is DayOne for Sunday, DayTwo for Monday, etc. For example, to set a scan schedule for Monday, Wednesday and Friday, you would specify ScheduledDays DayTwo,DayFour,DaySix.

ScheduledTime

If the ScheduleType is set to "DayOfWeek", specify the time of day when the scan is scheduled to start.

The syntax is, hh:mm:ss. For example, to start a scan at 4 a.m., specify -ScheduledTime 4:00:00; for 6 p.m., specify -ScheduledTime 18:00:00.

ScanInterval

If the ScheduleType is set to "Interval", specify the interval (in hours) at which the agent will scan the managed host.

For example, to scan every 4 hours, specify -ScanInterval 4.

EnableRemoteFileSystemChangeWatching

(Optional) Set this flag to enable change watching for remotely scanned managed hosts. For example:

-EnableRemoteFileSystemChangeWatching 1

PerformImmediateScanOnWatchError

(Optional) Set this flag to perform a full scan when the watcher encounters an error. For example:

-PerformImmediateScanOnWatchError 1

OverrideScanScheduleOnStartup

(Optional) Set this flag for a remote managed host when you want the agent to do a full scan when the agent is started or restarted. For example:

-OverrideScanScheduleOnStartup 1

SupressHostProcess (Optional) Specify this parameter to stop the cmdlet from processing the managed host. That is, you can change a managed host's properties without actually triggering the server to use them right away.
SelectedDataRoots

Specify the managed paths where the agent should start scanning.

A managed path is the root of an NTFS directory tree to be scanned by an agent, or a point in your SharePoint farm hierarchy below which everything is scanned. The agent monitors the specified managed paths for changes to security settings to maintain the security index. In addition, if resource activity collection is enabled, the agent collects resource activity for these same managed paths.

For local managed hosts, all NTFS drives are scanned and monitored by default; However, you can optionally specify the managed paths to be scanned by the agent. When paths are added to this list, only the specified paths are scanned and monitored.

For remote managed hosts, you must specify the paths to be managed in order for scanning to occur. So if you do not specify any managed paths using the parameter, no scanning will occur for the target managed host.

For SharePoint managed hosts, you must specify the paths to be managed in order for scanning to occur. When you choose a point in your SharePoint hierarchy as a managed path, new items added below that point are automatically scanned.

IsManagedResourceHost

(Optional) Specify this parameter to change the flag that indicates whether the managed host can be used to host a managed resource (for example, file shares created through the IT Shop self-service request functionality).

Valid values are:

  • $false: Can not be used to host a managed resource (default)
  • $true: Can be used to host a managed resource
Examples:
Table 168: Examples
Example Description
Set-QManagedHostProperties -ManagedHostId 97dbedb3-6b02-4dbf-afe2-70d6bf51185a -ResourceActivityEnabled 1 Enables resource activity tracking on the specified managed host.
Set-QManagedHostProperties -ManagedHostId d589359a-8c51-4de0-8dcf-6b463793b0bf -SelectedDataRoots "\\2K8R2DJSQL\C$\Test Data"

Defines a single data root.

Set-QManagedHostProperties -ManagedHostId 97dbedb3-6b02-4dbf-afe2-70d6bf51185a -IsManagedResourceHost $true

Enables managed resources for the managed host.

Related Documents