Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Identity Manager Data Governance Edition 8.1.4 - User Guide

One Identity Manager Data Governance Edition User Guide Data Governance node and views Administering Data Governance Edition Managing unstructured data access
Managing resource access Managing account access Working with security permissions Working with SharePoint security permissions Account access modeling Bringing data under governance
Classifying governed resources Managing governed resources using the web portal Data Governance Edition reports Troubleshooting EMC, NetApp Filer, and SharePoint configuration details PowerShell commands Governed data attestation policies Governed data company policies Governed data risk index functions

Data Governance Edition deployment

The following commands in the OneIdentity.DataGovernance snap-in can be used to deploy and configure the Data Governance Edition. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.

Table 77: Data Governance Edition deployment commands

Use this command

If you want to

Get-QDeploymentInfo

View deployment information for your Data Governance server including the deployment name.

Get-QEncryptionOptions

Retrieve the current encryption options used by One Identity Manager and show whether Data Governance Edition has been configured to use encryption.

Get-QServerAllLogs

Export all server logs to the designated folder.

Get-ServerVersion

View the version of the currently running Data Governance server.

Initialize-QDataGovernanceActivity

Initialize a database to store data generated when a managed host has resource activity tracking enabled.

NOTE: This information is required for several reports, including the Resource Activity report.

This is separate from the One Identity Manager database that stores configuration and security information.

Initialize-QDataGovernanceServer

Establish the database connection between One Identity Manager and Data Governance Edition. The Data Governance server must be initialized before you can use Data Governance Edition to manage your resources.

Register-QServiceConnectionPoint

Register service connection points in an Active Directory domain.

NOTE: This can be helpful when the service account registered for a domain does not have sufficient permissions to create a service connection point (SCP).

Remove-QServiceConnectionPoint

Remove the DataGovernance.Server Service Connection Point (SCP) from an Active Directory domain.

NOTE: This cmdlet can be helpful when you want to remove all Data Governance Edition SCPs from a single Data Governance Edition deployment or all deployments. To recreate an SCP which you inadvertently removed, restart your Data Governance service.

Set-QDeploymentInfo

Change the deployment parameters for the Data Governance server including the deployment name.

NOTE: Changing this value can prevent the Data Governance service from communicating with existing agents. It is not recommended to change the deployment name of an existing server.

Set-QEncryptionOptions

Encrypt the Data Governance service account.

NOTE: Only use this command if you have enabled encryption for the One Identity Manager database.

Set-QServiceConnection

Set the server name and port information used by the Data Governance Edition commands to connect to the Data Governance server.

NOTE: You must run this command before you can use any of the Data Governance Edition commands.

Service account management

Data Governance Edition consolidates security information across many domains and forests by accessing these network entities using stored credentials (service accounts). These service accounts are Active Directory users granted the appropriate permissions in their respective domains and registered with Data Governance Edition.

The following commands are available to you to manage service accounts. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.

Table 78: Service account management commands

Use this command

If you want to

Add-QServiceAccount

Register an account as a service account for Data Governance Edition. When you add this service account, it is automatically granted the required Log On as a Service local user right on the Data Governance server.

Get-QLogonServiceAccount

Determine if the account can be used as a service account.

Get-QServiceAccounts

View a list of service accounts that have been created for the Data Governance server.

NOTE: You can optionally specify a service account id if you are only interested in a particular service account.

Remove-QServiceAccount

Remove a service account from the deployment.

NOTE: Remove any associated managed domains BEFORE removing a service account.

Set-QServiceAccountUpdated

Have the Data Governance server update a service account.

Managed domain deployment

Before you can gather information on the data in your enterprise, you must specify the domain that contains the computers and data that you want to manage. Then assign the service account to access the resources within them.

The following commands are available to you to deploy managed domains. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.

Table 79: Managed domain deployment commands

Use this command

If you want to

Add-QManagedDomain

Add a new domain to the Data Governance Edition deployment.

Get-QManagedDomains

View the list of managed domains in a deployment.

NOTE: You can optionally specify a managed domain ID if you are only interested in a particular domain.

Remove-QManagedDomain

Remove a managed domain from your deployment.

Agent deployment

The following commands are available to you to manage your agent deployment. For full parameter details and examples, see the command help, using the Get-Help command or the One Identity Manager Data Governance Edition Technical Insight Guide.

Table 80: Agent deployment commands

Use this command

If you want to

Get-QAgentEvents

View saved events for the specified agent from the One Identity Manager database. You can use this command to output the stored agent messages to the console or a text file to quickly identify issues.

Get-QAgentMetrics

View an agent’s activity and performance.

Set-QAgentConfiguration

Set the managed paths to be scanned.

NOTE: When you set the managed paths using the cmdlet, existing managed paths are overwritten.

NOTE: This cmdlet does not support setting managed paths for Cloud managed hosts.

Set-QAgentStateUpdated

Notify the Data Governance server that an agent has been updated and the server should process it.

Upgrade-QAgents

Upgrade the agents in your deployment.

NOTE: You can identify the agents to upgrade through their agent ID or on a managed host basis.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating