予定されていた保守を実行中のため、サポートサイトでのフォームの送信が一時的に利用できません。 すぐにサポートが必要な場合は、テクニカルサポートまでお問い合わせください。 ご不便をおかけして申し訳ありません。
オンラインヘルプの参照
登録の完了
サインイン
価格設定をリクエスト
営業担当に連絡
製品バンドルが選択されました。 リクエストにより良く対応できるように、個別の製品を選択していただけますか? *
現在、テクニカル・サポート・エンジニアはお客様のチャットに対応できません。 迅速にサービスを受けられるよう、サービス・リクエスト・フォームを使用して
お客様の説明に基づいて、以下の記事が問題解決に役立つ可能性があります。
Node credentials are provided when a discovery node is created, and you can modify them as needed. By default, the node’s credentials are used to enumerate scopes and access on-premises targets.
If you want to use different credentials for a particular discovery, you can configure them in the Discovery Wizard. By using these alternate credentials, you can target anything on-premises for which you have credentials, in any domain. You can minimize the permissions given to node credentials, and use alternate credentials for scoping and collecting your on-premises discoveries.
The following table outlines the use of the node and alternate credentials, and how to properly configure your environment to ensure successful data collection:
Discovery Node
Enterprise Reporter Server
Provide server with job status, errors, statistics and logs.
Configured during node creation, or when you edit the node properties to change the credentials.
The node credentials must have local administrator access to the host computer and be a member of the group “Reporter_Discovery_Nodes”.
Shared Data Location (if the cluster is configured to use one)
Read and write to the shared data location during data collection.
The shared data location is configured during the creation of a cluster. Ensure the node has read and write access to this file share.
For more information, see the Things to Consider Before Creating a Cluster section in the Configuration Manager User Guide
Enterprise Reporter Database
There are two options for communicating with the database:
1. You can use the same service credentials that the node service uses.
2. You can specify SQL credentials only for use when the database is accessed.
The credentials you choose must be able to read and write to the database.
The account must be in the Reporter_Discovery_Nodes security group. (Note that if you use the same account as the Enterprise Reporter server it is already permissioned appropriately).
If you use SQL authentication to connect with the database, you must manually permission the SQL user, either by adding them to the database role Discovery_Nodes_Role or by permissioning specific tables in the database.
Targets
Read access on all targets.
For on-premises discoveries, all domains with which the credentials have a forest or domain level trust will be enumerated.
If required, you can configure alternate credentials for specific discoveries, instead of using the default node credentials.
The targets are defined as part of a discovery. The discovery tasks are assigned to a particular node based on availability, so all nodes in a cluster should have access to all targets defined in all discoveries assigned to the node’s cluster.
For on-premises discoveries, ensure the node credentials or alternate credentials have read access to the target. In addition, a trust is required between the node computer and the targets.
For more information on Azure and Office 365 Discoveries, see Detailed permissions for Enterprise Reporter discoveries .
The following table outlines the permissions required for Enterprise Reporter discoveries.
Active Directory
An account with Active Directory read permissions is required to collect domain information, trusts, sites, domain controllers, and Active Directory computers, users, groups, and organizational units.
The account being a member of the Built-in Domain Users group is sufficient to assign read permissions.
Azure Active Directory
An identity with read permission for the discovery target tenant. Read permissions are required for collection of tenant information, Azure Active Directory users, groups, group members, roles, and service principals.
If additional credentials are being specified to minimize Azure throttling limitations, these credentials must have the same permissions as stated above.
Also refer to credentials required to create and consent to the Enterprise Reporter Azure application required for this discovery. See the Configuration Manager User Guide
Azure Resource
An identity with read permissions for the discovery target tenant. Read permissions are required for collection of subscription, Resource groups, and resources.
Also refer to credentials required to create and consent to the Enterprise Reporter Azure Resource application required for this discovery.
Computer
An account with local administrator access on the scope computers to collect computer information, local groups and users, printers, services, policies, and event logs.
Exchange
To collect from Exchange targets, the credential account must have a mailbox on the target organization with access to read the permissions on the targets through EWS.
To collect from Exchange 2013, 2016, or Mixed Modes, the credentials must be a member of the Organization Management Group.
To collect from Exchange 2016 or Exchange 2019, the credentials must have an administrator role with an assigned “ApplicationImpersonation” role.
Exchange Online
An account with access to the discovery target tenant.
Read permission is required for collection of all Exchange Online information including mailboxes, mailbox delegates, public folders, mail-enabled users, mail contacts, distribution groups, group members, and permissions.
If additional credentials are being specified to minimize Azure throttling limitations, these credentials must have the same permissions as previously stated.
File Storage Analysis
An account with local administrator access on the scoped computer is required to collect file, folder, share, and home drive analysis data.
For permissions required when collecting NAS devices, see Permissions for Enterprise Reporter discoveries on NAS devices .
Microsoft SQL
An account with local administrator access on the SQL Server is required.
Additionally, the account must have read access to the scoped database to collect database information.
At a minimum, if not using fixed roles, the following SQL permissions are required on the securable object being used for collection.
Microsoft Teams
The user credentials used to collect Microsoft Teams information must have either the Teams Administrator or Global Administrator permissions.
The user must also be a member of each Microsoft Teams group to prevent access denied errors during disk discovery.
Also refer to credentials required to create and consent to the Enterprise Reporter Microsoft Teams application required for this discovery.
NTFS
If collecting through the administrator share, an account with local administrator access to the scoped computer is required.
If collecting through a network share, an account with read permissions to the scoped shares is required.
OneDrive
An account with access to the discovery target tenant. Administrator permissions are required for collection of all drives including drive information, configuration settings, files, folders, and permissions. A SharePoint administrator role is recommended.
Additionally, the discovery credentials must have site collection administrator rights to each drive that is being collected.
Also refer to credentials required to create and consent to the Enterprise Reporter OneDrive application required for this discovery.
Registry
An account with local administrator access to the scoped computer is required to collect registry information.
SharePoint Online
An account with access to the discovery target tenant. Administrator permissions are required for collection of all SharePoint Online site collections, including tenant settings and policies, site information, and permissions. A SharePoint administrator role is recommended.
Additionally, the discovery credentials must have site collection administrator rights to each site collection that is being collected. If additional credentials are being specified to minimize Azure throttling limitations, these credentials must have the same permissions as stated above.
Also refer to credentials required to create and consent to the Enterprise Reporter SharePoint Online application required for this discovery.
NetApp Cluster Mode
Multiple virtual machines belong to a single cluster. All of these virtual machines can be specified as discovery targets. These virtual machines must be part of a domain.
The NAS configuration must point to the cluster (name or IP address) with credentials that have read access to the cluster. These would typically be administrator credentials.
NetApp 7 Mode
In NetApp 7 mode, data can be collected on the storage controller or vFilers that are derived from the storage controller. Credentials with read access to the controller and vFiler are required.
NetApp Storage Controller
NetApp Filer
The vFiler can be a discovery target. In this case, the NAS configuration must point to the storage controller from which the vFilers are derived and the credentials must have read access to the storage controller.
Dell Fluid FS
The discovery target can be any Fluid FS VM. The NAS configuration must be the machine name or IP where Dell Enterprise Manager is installed and credentials must have access to Dell Enterprise Manager.
EMC Isilon
The discovery target can be any Isilon virtual machine. The NAS configuration must be the machine or IP that hosts the OneFS administration site and the credentials must have read access to it. By default, the connection is established using https and, if the connection is not deemed to be secure, the discovery will fail.
Enterprise Reporter requires Azure applications for the collection of Azure and Office 365 objects and attributes. These applications must be registered in the Azure portal and consent must be granted for delegated permissions. To manage tenant applications used by Enterprise Reporter, you use the Configuration | Application Tenant Management option.
For the OneDrive discovery, an application with a name that begins with “Quest Enterprise Reporter OneDrive Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.
Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter OneDrive Discovery application, the following delegated permissions are required:
For the Azure Active Directory discovery, the Exchange Online discovery, and the collection of group members for the OneDrive discovery, an application with a name that begins with “Quest Enterprise Reporter Azure Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.
Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Enterprise Reporter Azure discovery application, the following delegated permissions are required:
For the Azure Resource discovery, an application with a name that begins with “Quest Enterprise Reporter Azure Resource Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.
Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Enterprise Reporter Azure Resource discovery application, the following delegated permissions are required:
For the Microsoft Teams discovery, an application with a name that begins with “Quest Enterprise Reporter Microsoft Teams Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.
Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter Microsoft Teams Discovery application, the following delegated permissions are required:
For the SharePoint Online discovery, an application with a name that begins with “Quest Enterprise Reporter SharePoint Online Discovery” is created. To create this application in your tenant, you must specify an account with administrative access to create applications. The account must have the Global Administrator role to be able to create and consent to the application.
Once created, the application must also be delegated permissions and an administrator must consent to the application’s permissions using the Microsoft consent wizard. For the Quest Enterprise Reporter SharePoint Online Discovery application, the following delegated permissions are required:
Quest *product*のオンラインサポートヘルプは、関連会社のサポートサイトで参照できます。「Continue(続行)」をクリックすると、*product*の適切なサポートコンテンツとアシスタンスへ移動します。
The document was helpful.
評価を選択
I easily found the information I needed.
© ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center
Quest Softwareポータルでは、IE8、9、10のサポートを終了しました。ブラウザを最新バージョンのInternet ExplorerまたはChromeにアップグレードすることをお勧めします。
IE 11へのアップグレード: ここをクリック
Chromeへのアップグレード: ここをクリック
の優れたセルフサービス機能を最大限に活用していただけるよう、IE8、9、10以外のブラウザをぜひご利用ください。