Get-QAccountAccessOnHosts
For a given account (Domain\SAMAccountName), this cmdlet retrieves the account's resource access across all available hosts.
Note: This PowerShell cmdlet does not support Cloud managed hosts.
Syntax:
Get-QAccountAccessOnHosts [-AccountName] <String> [-AccountDomain] <String> [-ManagedHostList [<String>]] [-UriFilterPattern [<String>]] [-DirectOnly [<Switch Parameter>]] [-ResourceTypes [<String>]] [-OutputDirectory [<String>]] [-VerboseLogging [<Switch Parameter>]] [<CommonParameters>]
Table 184: Parameters
| AccountName |
Specify the name of the account to perform the access report on. |
| AccountDomain |
Specify the name of the domain to perform the access report on. |
| ManagedHostList |
(Optional) Specify the managed hosts to be included in the report.
If this parameter is not specified, all managed hosts are included. |
| UriFilterPattern |
(Optional) Specify a string to limit the report to only include resources whose URI contains the given text string. |
| DirectOnly |
(Optional) Specify this parameter to exclude indirect access to a resource from the results. |
| ResourceTypes |
(Optional) Specify the types of resources to be included in the report. Valid resource types are:
- Files
- Folders
- Shares
- LocalOSRights
- AdminRights
- SharePoint (includes all of other SharePoint resource types)
- SharePointResourceItems
- SharePointFarmAdminRights
- SharePointWebAppPolicies
- SharePointSiteCollectionAdminRights
If this parameter is not specified, all resource types are included. |
| OutputDirectory |
(Optional) Specify an absolute path to a directory where the results are to be saved. If the directory does not exist, it will be created.
If this parameter is not specified, the results are only written to the PowerShell output stream. |
| VerboseLogging |
(Optional) Specify this parameter to turn on verbose logging. |
Examples:
Table 185: Examples
|
Get-QAccountAccessOnHosts -AccountName Administrator -AccountDomain MyDomain -ResourceTypes @("SharePoint", "Folders") -OutputDirectory "C:\log.txt" -VerboseLogging |
Retrieves all SharePoint and folder access for account "Administrator" in domain "MyDomain". Verbose logging is enabled and the results will be saved in C:\log.txt. |
Details retrieved:
Table 186: Details retrieved
| RightType |
The access right type. |
| ItemResourceType |
The resource type. |
| ResourceURI |
The URI of the resource to which the trustee has access. |
| TrusteeDisplayName |
The display name of the trustee. |
| TrusteeSid |
The SID assigned to the account (trustee). |
| HostName |
The host where the resource resides. |
| Rights |
The specific access rights assigned. |
| AppliesTo |
What the rights apply to. |
| Inheritance |
The type of inheritance. |
Get-QAccountActivity
Retrieves the activity associated with a user on the specified managed host.
Note: This PowerShell cmdlet does not support Cloud managed hosts.
Syntax:
Get-QAccountActivity [-Trustees] <String[]> [-ManagedHostId] <String> [[-Extensions] [<String[]>]] [[-StartTime] [<DateTime>]] [[-EndTime] [<DateTime>]] [<CommonParameters>]
Table 187: Parameters
| Trustees |
The security identifier (SID) of the account whose activity you are interested in. |
| ManagedHostId |
The ID (GUID format) of the managed host you would like to see activity for.
Run the Get-QManagedHosts command to retrieve a list of managed hosts and their associated IDs. |
| Extensions |
(Optional) Specify the extensions of the file types to be excluded from the query. |
| StartTime |
(Optional) Specify the start date and time (UTC) if you only want to see activity for a time span.
Specify the start time in the following format: "23/01/2016 10:36.30 PM" |
| EndTime |
(Optional) Specify the end date and time (UTC) if you only want to see activity for a time span.
Specify the end time in the following format: "23/01/2016 10:37.30 PM" |
Examples:
Table 188: Examples
| Get-QAccountActivity S-1-5-21-3263556741-3296809600-1972185209-1104 3d7e4bb0-e9e2-4d98-b948-21ac7ba1eca6 |
Returns all the activity for the specified account on the managed host with Id 3d7e4bb0-e9e2-4d98-b948-21ac7ba1eca6. |
Details retrieved:
Table 189: Details retrieved
| NodeId |
The ID used to link the activity database to the QAMNode table. (AuditNodeId in QAMNode table.) |
| ManagedHostId |
The value (GUID format) assigned to the managed host where the resource is located. |
| ManagedHostName |
The name of the host where the resource is located. |
| ResourceId |
The ID assigned to the operation that was performed. |
| ParentResourceId |
Shows which resource in the activity database is the parent. |
| ResourcePath |
For file system resources, the path of the resource. |
| SharePointPath |
For SharePoint resources, the path of the resource. |
| TypeResource |
The type of resource. |
| Operation |
The type of operation performed against the resource. |
| StartTime |
The start date and time for collecting resource activity. Activity is stored in 'time spans'. |
| EndTime |
The end date and time for collecting resource activity. Activity is stored in 'time spans'. |
| TrusteeType |
The type of account. |
| TrusteeName |
The display name of the trustee that initiated the operation. |
| TrusteeSid |
The security identifier (SID) assigned to the account (trustee) that initiated the operation. |
| AuditTrusteeId |
The ID associated with the account that performed the operation. (UID_QAMTrustee in QAMTrustee table.) |
| AccessCount |
The number of times the operation occurred during the aggregation interval. |
Get-QAccountAliases
Returns the account aliases. This can be used to see the group membership for a specific trustee. For example, if one of these groups (aliases) has access to a resource, the original account will also have this same access.
Syntax:
Get-QAccountAliases [-AccountSid] <String> [-AccountDomain] <String> [<CommonParameters>]
Table 190: Parameters
| AccountSid |
Specify the security identifier (SID) of the account. |
| AccountDomain |
Specify the name of the domain the account is in. |
Examples:
Table 191: Examples
| Get-QAccountAliases -AccountSid S-1-5-21-3765505745-248418262-535198764-1133 mydomain.dge.dev.hal.com |
Returns the aliases related to the specified account. |
Details retrieved:
Table 192: Details retrieved
| Sid |
The security identifier (SID) assigned to the account aliases. |
| DomainDnsName |
The DNS name of the domain where the account is located. |
| TrusteeType |
The type of account. |
Get-QAccountsForHost
Retrieves all account access for a specific managed host.
Syntax:
Get-QAccountsForHost [-ManagedHostId] <String> [<CommonParameters>]
Table 193: Parameters
| ManagedHostId |
Specify the ID (GUID format) of the managed host to be queried.
Run the Get-QManagedHosts cmdlet without any parameters to retrieve a list of managed hosts and associated IDs. |
Examples:
Table 194: Examples
| Get-QAccountsForHost -ManagedHostId 5b3e4a3c-9c7b-4da1-b6bc-db552ee51656 |
Retrieves a list of the accounts related to the specified managed host. |
Details retrieved:
For each account that has access to the given host, the following information is returned.
Table 195: Details retrieved
| TrusteeName |
A list of the accounts (trustees) for the managed host. |
| TrusteeSid |
The security identifier (SID) assigned to each account (trustee). |
| TrusteeType |
The type of account. For a list of trustee types, see Trustee types |
| AccessibleHosts |
Shows all of the hosts that the account has access to.
This host list also shows for each account that has access to the specified host, what other hosts they have access to. |
