Use this command to copy a search in the installation.
$connection = Connect-CAClient –InstallationName ‘DEFAULT’
$search = Get-CASearches $connection | ? {$_.Name –eq “New Search for Employee”}
Use this command to create a search in the installation.
$connection = Connect-CAClient –InstallationName ‘DEFAULT’
$searchDefinition = Get-Content C:\Users\Admin\Documents\MySearchDefinition.xml
Use this command to move a search from one folder path to another in the installation.
$connection = Connect-CAClient –InstallationName ‘DEFAULT’
$search = Get-CASearches $connection | ? {$_.Name –eq “All AD Queries in the last 30 days”}
Use this command to remove a public or private search from the installation.
$connection = Connect-CAClient –InstallationName ‘DEFAULT’
$search = Get-CASearches $connection | ? {$_.Name –eq “All Exchange Admin Events”}
Remove-CASearch $connection –Search $search
$connection = Connect-CAClient –InstallationName ‘DEFAULT’
Remove-CASearch $connection –Search $search
Use this command to create a search folder in the installation.
A connection obtained by using the Connect-CAClient command. | |
A switch that specifies if the search is public. The default is private. | |
$connection = Connect-CAClient –InstallationName ‘DEFAULT’
Add-CASearchFolder –Connection $connection –IsPublic –Path Shared\Searches\New
Use this command to remove a public or private folder from the installation.
A connection obtained by using the Connect-CAClient command. | |
An optional parameter that removes the prompt before a search is removed. |
$connection = Connect-CAClient –InstallationName ‘DEFAULT’
Remove-CASearchFolder $connection –IsPublic –Path Shared\Miscellaneous\OldSearches
Managing Windows file system auditing is available through the following PowerShell commands:
Use this command to define a folder or file paths to audit.
Use this command to create a Windows file system auditing template.
Use this command to delete a Windows File System auditing template.
A connection obtained by using the Connect-CAClient command. | |
The CAWindowsFSAuditTemplate object to remove. Obtain the template objects using the Get-CAWindowsFSAuditTemplates command and filter to select the object to remove. | |
Removes template without prompting for a confirmation. The default is false. |
Remove-CAWindowsFSAuditTemplate -Connection $connection -Template $removeTemplate
Use this command to edit an existing Windows File System auditing template.
A connection obtained by using the Connect-CAClient command. |
Get-CAWindowsFSAuditTemplates -Connection $connection
Use this command to get a list of all available Windows File System auditing event classes.
A connection obtained by using the Connect-CAClient command. |
Get-CAWindowsFSEventClassInfo -Connection $connection
The following commands are available to manage Fluid File System auditing:
Use this command to see a list of all Fluid File Service clusters available to audit.
A connection obtained by using the Connect-CAClient command. |
Get-CAFluidFSClusters -Connection $connection
A connection obtained by using the Connect-CAClient command. | |
Use this command to get a list of all available FluidFS event classes.
A connection obtained by using the Connect-CAClient command. |
Get-CAFluidFSEventClassInfo -Connection $connection
Use this command to see all the Fluid File System templates available within your installation.
A connection obtained by using the Connect-CAClient command. |
Example: Get a list of all FluidFS templates
Get-CAFluidFSTemplates -Connection $connection
Use this command to get a list of all volumes on a specified cluster.
A connection obtained by using the Connect-CAClient command. | |
The name of the cluster from which to retrieve volume names. | |
Example: See a list of all available volumes on a cluster
Use this command to define which volumes to audit.
Use this command to create a Fluid File System auditing template.
Returns: A FluidFS template object.
A connection obtained by using the Connect-CAClient command. | |
The Change Auditor agents that are to receive the FluidFS events. | |
A connection obtained by using the Connect-CAClient command. | |
Clear-FluidFSTemplate -Connection $connection -Template $template
Use this command to edit an existing Fluid File System template.
NOTE: You can also use the Enable-CAAgentTemplate and Disable-CAAgentTemplate to enable or disable the template. |
A connection obtained by using the Connect-CAClient command. | |
The Change Auditor agents that are to receive the FluidFS events. | |
A connection obtained by using the Connect-CAClient command. | |
The service account credentials for the cluster to use when encrypting events. |
NOTE: When you delete a template (see Remove-CAAgentTemplate), the web application created in Azure Active Directory remains. You can delete the web application using the Azure management portal. If you do not have the portal, see https://technet.microsoft.com/en-us/library/dn832618.aspx for instructions. |
Use this command to create a template for auditing Azure Active Directory.
$connection = Connect-CAClient –InstallationName ‘Default'
The following permissions must be assigned to the Azure web application:
Once the required permissions are applied, click Grant admin consent for… and confirm with Yes.
An agent object obtained using the Get-CAAgents command. The agent will be used for Azure Active Directory auditing.
| |||
A connection obtained by using the Connect-CAClient command. | |||
Specifies whether auditing is enabled or disabled for Azure Active Directory. |
An agent object obtained using the Get-CAAgents command. The agent will be used for Azure Active Directory auditing.
| |||
A connection obtained by using the Connect-CAClient command. | |||
A template object obtained by the Get-CAAzureADTemplates command. | |||
Specifies that you want to create a new Azure web application. The Azure Active Directory sign-in page opens automatically.
To apply the consent to all the users in your organization, click to enable Consent on behalf of your organization and click Accept.
| |||
Set-CAAzureADTemplate -Connection $connection -Template $template -SignIns $True
-AuditLogs $True
Use this command to see all the Azure Active Directory templates available within your installation.
A connection obtained by using the Connect-CAClient command. |
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center