Get-QHostsForTrustee
Returns a selected user or group's access on all managed hosts in your environment.
Syntax:
Get-QHostsForTrustee [-TrusteeSid] <String> [-IncludeIndirectAccess] [<SwitchParameter>]] [<CommonParameters>]
| Parameter | Description |
|---|---|
| TrusteeSid | Specify the security identifier (SID) of the account (trustee) whose access you are interested in. |
| IncludeIndirectAccess |
(Optional) Specify this parameter if you want to include indirect access in the results. If this parameter is not specified, the results only includes the managed hosts where the specified account has direct access. |
Examples:
| Example | Description |
|---|---|
| Get-QHostsForTrustee -TrusteeSid S-1-5-21-3765505745-248418262-535198764-500 | Returns a list of the managed hosts where the specified account has direct access. |
Details retrieved:
| Detail | Description |
|---|---|
| HostName | The name of the host to which the account has access. |
| HostDomainName | The full domain name of the domain to which the managed host computer belongs. |
| ManagedHostId | The value (GUID) assigned to the managed host computer. |
| ResourceType | The type of resource to which the account has access. |
| ViaAccount | For indirect access, the name of the account through which access is being granted. |
Get-QManagedHosts
Retrieves a list of managed hosts currently registered with the Data Governance server.
Syntax:
Get-QManagedHosts [-HostName [<String>]] [-ManagedHostId [<String>]] [<CommonParameters>]
| Parameter | Description | ||
|---|---|---|---|
| HostName | (Optional) Specify the pre-Windows 2000 name for the host to be retrieved. | ||
| ManagedHostId |
(Optional) Specify the ID (GUID format) of the managed host to be retrieved.
|
Examples:
| Example | Description |
|---|---|
| Get-QManagedHosts | Retrieves a list of all the managed hosts for a given Data Governance Edition deployment. |
| Get-QManagedHosts -HostName QAMAUTOMEM2 | Retrieves the details for the selected managed host. |
Details retrieved:
| Detail | Description (Associated key or property in QAMManagedHosts table) | ||
|---|---|---|---|
| Agents |
The name and ID (GUID) of agents installed on the managed host. Agents is an array that can be expanded to display the following details about each agent:
| ||
| ManagedHostId | The value (GUID) assigned to the managed host computer (ManagedHostId). | ||
| ManagedHostSid | The security identifier (SID) assigned to the managed host computer (ManagedHostSid). | ||
| ComputerSamSid | Deprecated. | ||
| ManagedDomainId | The value (GUID) assigned to the managed domain in which the managed host belongs (ManagedDomainId). | ||
| HostName | The name of the host (HostName). | ||
| DfsRoot | For DFS managed hosts, the value (GUID) assigned to the dfs root to be scanned (DfsRoot). | ||
| SamAccountName | The login name for the managed host computer (SAMAccountName). | ||
| HostDnsName | The full DNS name of the managed host computer (HostDnsName). | ||
| HostDomainName | The full domain name of the domain to which the managed host computer belongs (HostDomainName). | ||
| SiteName | If available, the name of the site to which the managed host belongs. | ||
| HostType |
The physical configuration of the host (HostType). | ||
| Management |
Indicates whether the host is managed by a local or remote agent (Management):
| ||
| Features |
The features that a given managed host supports and will allow, such as SecurityIndex and ResourceManagement. | ||
| Status | The status of the managed host, based on all the agents monitoring the host. | ||
| Internal Status | The status of the managed host, based on all the agents monitoring the host. | ||
| ResourceNodeId |
The ID used to link the managed host back to the activity database (ResourceNodeId).
| ||
| Keywords | Optional keywords entered when the managed host was added to Data Governance Edition (Keywords). | ||
| HostContainerId | Deprecated. | ||
| SharePointFarmId | For SharePoint managed hosts, the value (GUID) assigned to the SharePoint farm to be scanned (SharePointFarmId). | ||
| SharePointFarmObjectGuid | For SharePoint managed hosts, the value (GUID) assigned to the SharePoint object to be scanned (SharePointFarmObjectGuid). | ||
| IsManagedResourceHost |
Indicates whether this managed host can be used to host managed resources (for example, file shares created through the IT Shop self-service request functionality):
| ||
| ApiUserName |
The user account used to connect to the target NAS storage device.
| ||
| ApiPortNumber |
The destination port used for communication between the agent and the target NAS storage device.
| ||
| ResourceActivityTrackingSupported |
Indicates whether resource activity collection is enabled. | ||
| IsNfsHost |
Indicates whether this is an NFS managed host. | ||
| IsEmcHost |
Indicates whether this is an EMC managed host. | ||
| IsNetAppHost |
Indicates whether this is a NetApp managed host. |
Remove-QManagedHost
Removes a managed host from the list of registered managed hosts.
|
|
Note: When unregistered, any agent instances associated with the managed host are also removed. If a computer no longer hosts any agent instances, the Data Governance agent software is also removed. |
Syntax:
Remove-QManagedHost [-ManagedHostIds] <String[]> [[-DeleteDuGFirst] [<SwitchParameter>]] [[-SkipAgentUninstall] [<SwitchParameter>]] [<CommonParameters>]
| Parameter | Description | ||
|---|---|---|---|
| ManagedHostIds |
Specify one or managed hosts to be deleted. If you specify multiple managed host ids, separate then with commas.
| ||
| DeleteDuGFirst | (Optional) Specify this parameter if you want to remove the entry in the QAMDuG table prior to removing the specified managed hosts. | ||
| SkipAgentUninstall | (Optional) Specify this parameter if you want to force the removal of the managed host from the One Identity Manager database, without uninstalling the managed host's agent.
If this parameter is not specified, the agent will be removed as part of the host removal process. |
Examples:
| Example | Description |
|---|---|
| Remove-QManagedHost -ManagedHostIds A293B96E-9620-4879-8FC7-FB3393E72768 | Removes a single managed host from the Data Governance Edition deployment. |
| Remove-QManagedHost -ManagedHostIds 29F1D9AD-C87A-4F82-830C-0A7CD1088D84,E4A0B8B8-F021-4509-9648-B4C313E542C0 | Removes two managed hosts from the Data Governance Edition deployment. |
Set-QManagedHostProperties
Changes the properties of a managed host.
Syntax:
Set-QManagedHostProperties [-ManagedHostId] <String> [[-Keyword] [<String>]] [[-ResourceActivityEnabled] [<Boolean>]] [[-Granularity] [<Int32>]] [[-ScheduleType] [QAM.Common.Interfaces.ScheduleConfiguration+ScanScheduleTupe>]] [[-ScheduledDays] [<Int32>]] [[-ScheduledTime] [<TimeSpan>]] [[-ScanInterval] [<TimeSpan>]] [[-EnableRemoteFileSystemChangeWatching] [<Boolean>]] [[-PerformImmediateScanOnWatchError] [<Boolean>]] [[-OverrideScanScheduleOnStartup] [<Boolean>]] [[-SupressHostProcess] [<SwitchParameter>]] [-IsManagedResourceHost [<Boolean>]] [<CommonParameters>]
| Parameter | Description | ||
|---|---|---|---|
| ManagedHostId | Specify the ID (GUID format) of the managed host whose properties are to be updated. | ||
| Keyword | (Optional) Specify a keyword which can then be displayed and used to group your managed host on the Managed hosts view in the Manager. | ||
| ResourceActivityEnabled |
(Optional) Set this flag to enable resource activity collection. For example: -ResourceActivityEnabled 1 | ||
| Granularity |
(Optional) Specify how often (in minutes) you would like to synchronize and aggregate the data. That is, this is the amount of time the agent is to record new activity before sending results to the Data Governance server. The value entered will be changed to a valid aggregation interval, as follows:
| ||
| ScheduleType |
Specifies the time and frequency with which the agent scans the target computer. Valid values are:
| ||
| ScheduledDays |
If the ScheduleType is set to "DayOfWeek", specify the days you would like the agent to scan the managed host. The syntax is DayOne for Sunday, DayTwo for Monday, etc. For example, to set a scan schedule for Monday, Wednesday and Friday, you would specify ScheduledDays DayTwo,DayFour,DaySix. | ||
| ScheduledTime |
If the ScheduleType is set to "DayOfWeek", specify the time of day when the scan is scheduled to start. The syntax is, hh:mm:ss. For example, to start a scan at 4 a.m., specify -ScheduledTime 4:00:00; for 6 p.m., specify -ScheduledTime 18:00:00. | ||
| ScanInterval |
If the ScheduleType is set to "Interval", specify the interval (in hours) at which the agent will scan the managed host. For example, to scan every 4 hours, specify -ScanInterval 4. | ||
| EnableRemoteFileSystemChangeWatching |
(Optional) Set this flag to enable change watching for remotely scanned managed hosts. For example: -EnableRemoteFileSystemChangeWatching 1 | ||
| PerformImmediateScanOnWatchError |
(Optional) Set this flag to perform a full scan when the watcher encounters an error. For example: -PerformImmediateScanOnWatchError 1 | ||
| OverrideScanScheduleOnStartup |
(Optional) Set this flag for a remote managed host when you want the agent to do a full scan when the agent is started or restarted. For example: -OverrideScanScheduleOnStartup 1 | ||
| SupressHostProcess | (Optional) Specify this parameter to stop the cmdlet from processing the managed host. That is, you can change a managed host's properties without actually triggering the server to use them right away. | ||
| SelectedDataRoots |
Specify the managed paths where the agent should start scanning. A managed path is the root of an NTFS directory tree to be scanned by an agent, or a point in your SharePoint farm hierarchy below which everything is scanned. The agent monitors the specified managed paths for changes to security settings to maintain the security index. In addition, if resource activity collection is enabled, the agent collects resource activity for these same managed paths. For local managed hosts, all NTFS drives are scanned and monitored by default; However, you can optionally specify the managed paths to be scanned by the agent. When paths are added to this list, only the specified paths are scanned and monitored. For remote managed hosts, you must specify the paths to be managed in order for scanning to occur. So if you do not specify any managed paths using the parameter, no scanning will occur for the target managed host. For SharePoint managed hosts, you must specify the paths to be managed in order for scanning to occur. When you choose a point in your SharePoint hierarchy as a managed path, new items added below that point are automatically scanned. | ||
| IsManagedResourceHost |
(Optional) Specify this parameter to change the flag that indicates whether the managed host can be used to host a managed resource (for example, file shares created through the IT Shop self-service request functionality). Valid values are:
|
Examples:
| Example | Description |
|---|---|
| Set-QManagedHostProperties -ManagedHostId 97dbedb3-6b02-4dbf-afe2-70d6bf51185a -ResourceActivityEnabled 1 | Enables resource activity tracking on the specified managed host. |
| Set-QManagedHostProperties -ManagedHostId d589359a-8c51-4de0-8dcf-6b463793b0bf -SelectedDataRoots "\\2K8R2DJSQL\C$\Test Data" |
Defines a single data root. |
| Set-QManagedHostProperties -ManagedHostId 97dbedb3-6b02-4dbf-afe2-70d6bf51185a -IsManagedResourceHost $true |
Enables managed resources for the managed host. |