Retrieves Active Directory objects from One Identity Manager and QAM tables: ADSAccount, ADSGroup, ADSOtherSID, QAMLocalUser, and QAMLocalGroup.
Get-QADAccount [-Name] [<String>]] [-Domain] [<String>]] [<CommonParameters>]
Parameter | Description |
---|---|
Name |
(Optional) Specify the name of the Active Directory object to be retrieved. If this parameter is not specified, all Active Directory objects are retrieved. |
Domain |
(Optional) Specify the domain to be queried to locate the Active Directory objects. If this parameter is not specified, all domains are included in the query. |
Example | Description |
---|---|
Get-QADAccount | Retrieves information for all Active Directory objects on all domains in your Data Governance Edition deployment. |
Get-QADAccount -Name Administrator -Domain MyDomain |
Retrieves Active Directory information for account Administrator in domain MyDomain. |
Detail | Description |
---|---|
DomainInfo |
DomainInfo is an array that can be expanded to display the following information about the domain the account belongs to:
|
AccountSid | The security identifier (SID) assigned to the Active Directory account. |
SamAccountName | If available, the login name for the account. |
DistinquishedName | The distinguished name of the Active Directory account. |
Name | The display name of the Active Directory account. |
AccountType | The type of account. |
ErrorMessage | If available, error messages associated with the Active Directory account. |
Retrieves a list of all the members of a group, including members of child groups. This helps you assess how a specific account has gained access to a resource.
Get-QGroupMembers [-GroupSid] <String> [[-Domain] [<String>]] [<CommonParameters>]
Parameter | Description | ||
---|---|---|---|
GroupSid | Specify the security identifier, in SDDL format, of the group whose membership you are interested in. | ||
Domain |
(Optional) Specify the domain containing the group whose membership you are interested in.
|
Example | Description |
---|---|
Get-QGroupMembers -GroupSid S-1-5-500 -Domain vmset6 | Gets the group members from the specified domain. |
Detail | Description |
---|---|
ResultList |
ResultList is an array that can be expanded to show the following information for the members of the given group:
|
IssueList | IssuesList is an array that can be expanded to view any issues encountered. |
Retrieves all of the entries from the QAMTrustees table who are also listed within the QAMSecurityIndex table, denoting an indexed trustee.
Get-QIndexedTrustees [-TrusteeName [<String>]] [-Domain [<String>]] [<CommonParameters>]
Parameter | Description |
---|---|
TrusteeName |
(Optional) Specify the name of the trustee to be searched. If this parameter is not specified, all indexed trustees are returned. |
Domain |
(Optional) Specify the domain of the trustee to be searched. If this parameter is not specified, all domains are queried to locate indexed trustees. |
Example | Description |
---|---|
Get-QIndexedTrustees -TrusteeName Administrator -Domain MyDomain |
Retrieves all indexed accounts from the QAMTrustees table where the account name is Administrator and the domain is MyDomain. |
Detail | Description |
---|---|
Sid | The security identifier (SID) assigned to the account. |
PreWindows2000Name | The logon name (Pre-Windows 2000) of the Active Directory account. |
Domain | The name of the domain where the account resides. |
TrusteeType | The type of trustee (account). |
A key challenge in improving data governance is keeping track of permissions within your environment. To ensure that data is secured in a manner that meets your business needs, you must be able to easily identify who has been given access and manage that access appropriately.
The following commands are available to you to manage resource access.
Use this command |
If you want to | ||
---|---|---|---|
Export-QResourceAccess |
Export the security information on a selected resource. | ||
Get-QChildResources |
View the resources contained in a specific root on a managed host. You can use this to enumerate the contents of remote folders and shares. In particular, it would be similar to the standard Windows PowerShell Get-ChildItems cmdlet but it functions using the Data Governance server as a proxy, so the client machine does not necessarily need direct access to the target machine. For more information, see Get-QChildResources.
| ||
Get-QFileSystemSearchResults |
Search an NTFS folder or share for files. Using this command, you can search multiple data roots at once. | ||
Get-QHostResourceActivities |
Retrieve a list of the operations, including the resource ID assigned to each operation, performed against a managed host during a given time frame. For more information, see Get-QHostResourceActivities.
| ||
Get-QPerceivedOwners |
Calculate the perceived owners for a resource. This information can help to determine the true business owners and custodian for data.
| ||
Get-QResourceAccess |
Retrieve the security information of selected resources from a specific managed host, and child objects whose security differs from the parent. | ||
Get-QResourceActivity |
Retrieve the activity associated with a resource. For more information, see Get-QResourceActivity.
| ||
Get-QResourceSecurity |
View the security on a given resource in the SSDL format. | ||
Set-QResourceSecurity |
Set security on a given resource.
|
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy