Chat now with support
Chat mit Support

Enterprise Reporter 3.2.2 - Configuration Manager User Guide

Product Overview Understanding Discoveries Creating Discoveries
Step 1. Create the Discovery Step 2. Choose what to include in your discovery (Scopes) Step 2a. Choose scopes for your discoveries
Choosing your Active Directory Scopes Choosing your Computer Scopes Choosing Your Exchange Scopes Choosing Your File Storage Analysis Scopes Choosing Your Microsoft SQL Scopes Choosing Your NTFS Scopes Choosing Your Registry Scopes
Step 2b: Choose scopes for your Office 365 discoveries Step 3. Schedule your Discovery Step 4: Review the summary
Managing Discoveries Configuring the Configuration Manager
Starting the Configuration Manager Finding Answers and Getting Help An Overview of Enterprise Reporter Communications and Credentials Required Logged In User Details Setting Up Your First Collection Computers Modifying your Deployment Improving the Performance of Your Discoveries What does the status of a node or cluster indicate? Using the Credential Manager Changing the Credentials used by the Enterprise Reporter Server Configuring Global Settings Global Discovery Settings
Troubleshooting Issues with Enterprise Reporter Appendix: PowerShell cmdlets Appendix: Encryption Key Manager Appendix: Log Viewer

Permissions for Enterprise Reporter Discoveries on NAS Devices

The following table outlines the permissions required for Enterprise Reporter discoveries.

Table 35. Permissions required for Enterprise Reporter discoveries on NAS Devices
Discovery Type
Permissions Required for Discovery Credential

NetApp Cluster Mode

Multiple virtual machines belong to a single cluster. All of these virtual machines can be specified as discovery targets. These virtual machines must be part of a domain.

The NAS configuration must point to the cluster (name or IP address) with credentials that have read access to the cluster. These would typically be administrator credentials.

NetApp 7 Mode

In NetApp 7 mode, data can be collected on the storage controller or vFilers that are derived from the storage controller. Credentials with read access to the controller and vFiler are required.

NetApp Storage Controller

In NetApp 7 mode, data can be collected on the storage controller or vFilers that are derived from the storage controller. Credentials with read access to the controller and vFiler are required.

NetApp Filer

The vFiler can be a discovery target. In this case, the NAS configuration must point to the storage controller from which the vFilers are derived and the credentials must have read access to the storage controller.

Dell Fluid FS

The discovery target can be any Fluid FS VM. The NAS configuration must be the machine name or IP where Dell Enterprise Manager is installed and credentials must have access to Dell Enterprise Manager.

EMC Isilon

The discovery target can be any Isilon virtual machine. The NAS configuration must be the machine or IP that hosts the OneFS administration site and the credentials must have read access to it. By default, the connection is established using https and, if the connection is not deemed to be secure, the discovery will fail.

Permissions for Enterprise Reporter Tenant Applications

Enterprise Reporter requires Azure applications for the collection of Azure and Office 365 objects and attributes. These applications must be registered in the Azure portal and consent must be granted for delegated permissions. To manage tenant applications used by Enterprise Reporter please refer to in the System | Configuration | Application Tenant Management section in the Enterprise Reporter Configuration Manager User Guide.

OneDrive Azure Application Permissions

For the OneDrive discovery, an application with a name that begins with “Quest Enterprise Reporter One Drive Discovery” will be created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter One Drive Discovery application, the following delegated permissions are required:
Microsoft Graph: Read user files
Office 365 SharePoint Online: Read user files
Windows Azure Active Directory: Access the directory as signed-in user
Windows Azure Active Directory: Read directory data
Microsoft Graph: Have full control of all site collections
Azure Active Directory Application Permissions

For the Azure Active Directory discovery, the Exchange Online discovery, and the collection of group members for the OneDrive discovery, an application with a name that begins with “Quest Enterprise Reporter Azure Discovery” will be created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter Azure Discovery application, the following delegated permissions are required:
Microsoft Graph: Access directory as the signed in user
Microsoft Graph: Read all groups
Microsoft Graph: Read all users’ basic profiles
Microsoft Graph: Read all users’ full profiles
Microsoft Graph: Read directory data
Microsoft Graph: Read identity risky user information
Microsoft Graph: Read your organization’s security events
Azure Active Directory Graph: Access the directory as signed-in user
Azure Active Directory Graph: Read all groups
Azure Resource Application Permissions

For the Azure Resource discovery, an application with a name that begins with “Quest Enterprise Reporter Azure Resource Discovery” will be created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter Azure Resource Discovery application, the following delegated permissions are required:
Windows Azure Service Management API: Access Azure Service Management as organization users
Windows Azure Active Directory: Access the directory as signed-in user
Windows Graph: Read all users’ basic profiles
Microsoft Teams Application Permissions

For the Microsoft Teams discovery, an application with a name that begins with “Quest Enterprise Reporter Microsoft Teams Discovery” will be created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.

Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter Microsoft Teams Discovery application, the following delegated permissions are required:
Microsoft Graph: Read all users’ basic profiles
Windows Azure Active Directory: Access the directory as signed-in user
Windows Azure Active Directory: Read all groups

Logged In User Details

 

Logged In User Details

The following table outlines the use of the logged in user credentials, and how to properly configure your environment to ensure successful data collection:

 

Table 36. Logged In User Credentials in Configuration Manager
From
To
Permission Details
Configuration

Configuration Manager

Enterprise Reporter Server

Must be a member of the Reporter_Discovery_Admins group in order to log in to the console.

Configuration Manager will send configuration and set up requests to the server.

Configuration is dependent on your deployment’s security group setup. See the System | Information page to determine the type of security in place.
For more information, see Configuring the Database and Security Groups in the Quest Enterprise Reporter Installation and Deployment Guide in the Technical Documentation.

For more information, see Configuring the Database and Security Groups.

Configuration Manager

Targets

Must be able to enumerate the targets during scope selection, unless alternate credentials are provided for the discovery.

All domains with which the credentials have a forest or domain level trust will be enumerated.

On each target, grant the user read access.

See also:
Server Service Credential Details
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen