Chat now with support
Chat with Support

Identity Manager Data Governance Edition 8.0 - User Guide

Introduction Data Governance navigation node and views Administering Data Governance Edition Managing unstructured data access
Managing resource access Managing account access Working with security permissions Working with SharePoint security permissions Account access modeling Bringing data under governance
Classifying governed resources Managing governed resources using the web portal Data Governance Edition reports Troubleshooting Appendix: EMC, NetApp Filer, and SharePoint configuration details Appendix: PowerShell commands Appendix: Governed data attestation policies Appendix: Governed data company policies Appendix: Governed data risk index functions About us

Service account management

Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (service accounts). These service accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.

The following commands are available to you to manage service accounts. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.

Table 83: Service account management commands

Use this command

If you want to

Add-QServiceAccount

Register an account as a service account for Data Governance Edition. When you add this service account, it is automatically granted the required Log On as a Service local user right on the Data Governance server.

Get-QLogonServiceAccount

Determine if the account can be used as a service account.

Get-QServiceAccounts

View a list of service accounts that have been created for the Data Governance server.

NOTE: You can optionally specify a service account id if you are only interested in a particular service account.

Remove-QServiceAccount

Remove a service account from the deployment.

NOTE: Remove any associated managed domains BEFORE removing a service account.

Set-QServiceAccountUpdated

Have the Data Governance server update a service account.

Managed domain deployment

Before you can gather information on the data in your enterprise, you must specify the domain that contains the computers and data that you want to manage. Then assign the service account to access the resources within them.

The following commands are available to you to deploy managed domains. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.

Table 84: Managed domain deployment commands

Use this command

If you want to

Add-QManagedDomain

Add a new domain to the Data Governance Edition deployment.

Get-QManagedDomains

View the list of managed domains in a deployment.

NOTE: You can optionally specify a managed domain ID if you are only interested in a particular domain.

Remove-QManagedDomain

Remove a managed domain from your deployment.

Agent deployment

The following commands are available to you to manage your agent deployment. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.

Table 85: Agent deployment commands

Use this command

If you want to

Get-QAgentEvents

View saved events for the specified agent from the One Identity Manager database. You can use this command to output the stored agent messages to the console or a text file to quickly identify issues.

Get-QAgentMetrics

View an agent’s activity and performance.

Set-QAgentConfiguration

Set the managed paths to be scanned.

NOTE: When you set the managed paths using the cmdlet, existing managed paths are overwritten.

NOTE: This cmdlet does not support setting managed paths for Cloud managed hosts.

Set-QAgentStateUpdated

Notify the Data Governance server that an agent has been updated and the server should process it.

Upgrade-QAgents

Upgrade the agents in your deployment.

NOTE: You can identify the agents to upgrade through their agent ID or on a managed host basis.

Managed host deployment

A managed host is any network object that can host resources and can be assigned an agent to monitor security and resource activity. Currently supported hosts include Windows computers, Windows clusters, NetApp storage devices, EMC storage devices, DFS, and SharePoint farms.

You can also add generic managed hosts (Server Message Block (SMB) shares running on any Active Directory joined computer) to remotely scan their resources.

The following commands are available to you to deploy managed hosts. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.

Table 86: Managed host deployment commands

Use this command

If you want to

 

Add-QDfsManagedHost

Register a domain-based distributed file system root. This enables you to view and manage the access on resources that are physically distributed throughout your network.

 

Add-QManagedHostByAccountName

Add a managed host to your deployment and configure its settings.

NOTE: This cmdlet does not support adding Cloud managed hosts.
 

Clear-QResourceActivity

Clear the resource activity for a given managed host. This enables you to remove activity data from the database on demand when it is no longer required.

For scheduled activity cleanup, use the activity compression/deletion settings in the Data Governance server configuration file instead.

NOTE: Once you clear the activity, it cannot be recovered.
 

Get-QHostsforTrustee

View a selected user or group’s access on all managed hosts in your environment.

 

Get-QManagedHosts

View a list of all the managed hosts in your deployment.

NOTE: If you are interested in only one managed host, you can specify the host's name or the ID (GUID format) of the managed host. You can also choose to specify all the managed hosts in a particular container.
 

Remove-QManagedHost

Remove a managed host from your deployment.

 

Set-QManagedHostProperties

Change the properties of a managed host.

NOTE: You must know the managed host ID.
 

Set-QManagedHostUpdated

Inform the Data Governance server that the managed host state should be updated.

 

Trigger-QDfsSync

By default the Data Governance server synchronizes the DFS structure into the One Identity Manager database every 24 hours. Use this cmdlet to force a DFS synchronization of a DFS managed host, making the DFS path immediately available within the Resource browser.

NOTE: You must specify the ID (GUID format) of the managed host to be synchronized. To synchronize all of the DFS managed hosts in your deployment, set the ManagedHostID to All.
 
Related Documents