• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• On Demand Global Settings Current
• On Demand Global Settings Current - User Guide

On Demand Global Settings Current - User Guide

Table of Contents  

Working with On Demand Overview of On Demand

Organizations Azure Active Directory tenants

Signing up for On Demand

Organizations and regions Signing up to On Demand

Signing in to On Demand with Multi-factor Authentication Signing in to On Demand with your existing Quest account Signing up for a new Quest account and signing in to On Demand On Demand subscriptions

Managing organizations and regions

Geographic regions Multiple organizations Displaying the current organization ID Creating a new organization Switching organizations Renaming organizations Displaying the organization ID

Adding users to an organization

Users and roles Default roles

Default role permissions

Adding a user and assigning a role Access Control: Roles

Viewing role permissions Creating a custom role Editing a custom role Adding a user to a role Deleting a custom role

Access Control: Users

Adding a user to your organization and assigning a role Editing user roles Removing a user from the organization

Inviting new users

Creating a Quest account and joining an existing On Demand organization Joining an existing On Demand organization Joining an existing On Demand organization with an Azure AD account

Managing your Azure tenants and on-premises domains

Tenants overview Adding tenants Managing admin consent permissions

About admin consent status Granting and regranting admin consent About revoking admin consent

Removing a tenant Managing your on-premises domains Adding an on-premises agent

Installing the agent using the command shell

Configuring an agent Automatic updates for on-premises agents Removing an agent Adding an Active Directory domain Removing a domain

On Demand Home page

Masthead

Masthead drop-down menu Information window On Demand Status page

Side navigation panel Dashboard

Tenant filter Tenant summary Needs your attention! Module tiles

Configuring settings

Access Control Subscriptions

Subscription details Managing subscriptions

Sharing a subscription Stop using a shared subscription Changing Owner When Moving from Trial to Paid Subscription

Subscription expiry

Stage 1: Your subscription expires in X days Stage 2: Subscription expired. Access denied. Stage 3: Subscription expired. Service disabled. Stage 4: Subscription expired. Data deleted.

Activity trail Notifications

Configuring notification recipients

Documentation roadmap

Global settings

Release Notes

More resources

Technical Support

Current operational status Contact support Module product support pages Information and discussion: Quest community forums

• Viewing Topics 45 - 48 of 90
•  Previous
• Next 

×

About revoking admin consent

Completely revoking admin consent removes all permissions granted for the On Demand application. Revoking admin consent is a manual process that must be performed in the Microsoft Azure portal.

NOTE: You can revoke or disable consent in the Microsoft Azure Portal.

Revoking admin consent in the Azure Portal

Revoking admin consent removes all permissions granted for the On Demand application.

To revoke admin consent

1	Log in to the Azure Resource Manager with the credentials for the Azure Active Directory tenant.

2	Click on the Azure Active Directory icon in the left menu.

3	In the Active Directory panel, select Enterprise applications.

4	In the Enterprise applications panel, select All applications.

5	Search for and select the Quest On Demand application.

6	In the Manage section of the left menu, select Properties.

7	At the top of the Properties pane, select Delete, and then select Yes to confirm you want to delete the application from your Azure AD tenant.

Alternately, to disable consent, you can disable a user from signing in.

To disable a user from signing in

1	Sign in to the Azure portal as the global administrator for your directory.

2	Search for and select Azure Active Directory.

3	Select Enterprise applications.

4	Search for and select the Quest On Demand application.

5	Select Properties.

6	Select No for Enabled for users to sign-in?.

7	Select Save.

Removing a tenant

By removing a tenant, you are beginning the process of disabling all module functions related to the tenant. When you remove a tenant, you are removing the tenant from the On Demand organization for all users and this action cannot be undone.

All module operations will stop after 30 days. At that point, the following operations are halted:

•	Active backups and provisioning actions will be cancelled.

•	Migration project and status information will be lost.

•	Audit event data will no longer be collected.

•	Attestation will no longer be initiated.

•	License and cost data will no longer be collected.

•	Assessment data will no longer be collected.

 

NOTE: If a tenant was inadvertently removed, it might be possible to restore a tenant and all the associated On Demand configuration for up to 30 days after it was removed from On Demand. In this situation, contact Technical Support. You must provide the tenant name, your organization ID, and the tenant region.

To remove a tenant

1	Click Tenants in the navigation panel on the left.

2	On the tenant tile for the tenant you want to remove, click Remove.

3	Review the list of results from the remove action and select each check box.

4	Click Remove Tenant.

When you previously added the tenant, a Service Principal was created in your tenant, under Enterprise applications, for each consent that you granted for this tenant. To remove the consents, log in to the Microsoft Azure portal and go to the Azure Active Directory Admin Center. Browse to Enterprise Applications, search for Quest on Demand -, and delete all the application records that you do not need.

Managing your on-premises domains

Managing your on-premises domains

In addition to managing your Azure tenants, On Demand provides support for connecting to on-premises domains in hybrid environments to perform data collection and management activities.

By installing an agent with a unique key and specifying domains to which the agent is connected, you can review information and perform actions in your hybrid environment. You start the process to install and configure an agent by selecting Tenants in the left navigation bar and selecting Hybrid Agents.

You can add on-premises domains to On Demand selecting Tenants in the left navigation bar and selecting Active Directory Domains. You can also add domains as part of the agent configuration process.

Agent prerequisites

You must meet the following prerequisites to download and install an agent for on-premises data collection from specified domains:

•	You must have the On Demand Organization Admin role and specifically must have the Can Configure Agents (core.configureAgents) permission.

•	You must have a passphrase, which you create on the How to Add an Agent page, that you enter when installing the agent.

•	You must have a valid paid subscription for the On Demand module with which you are using the agent. Currently, only On Demand License Management supports this feature.

•	The login account that you use to run the agent setup program must have local administrator rights.

The agent setup program will prompt you for service account credentials (username and password) that are used to run the agent service. The agent service account must be a domain account and must have local administrator rights on the computer on which the agent is being installed. Also, for License Management, the service account must have Write Members permissions on the directory group objects.

Adding an on-premises agent

The following steps describe the general process for installing and configuring the On Demand on-premises agent. For the detailed procedures, see To add an agent and To configure an agent .

For information about the permissions required to install an agent and the permissions needed by the agent service account, see Agent prerequisites .

1	Generate a passphrase on the How to Add an Agent page. Take note of the passphrase.

2	Add the agent to On Demand.

An agent package is generated with a unique key.

3	Download the agent package and copy it to the member server on which you want to run the agent.

4	Install the agent, specifying the required information including the passphrase.

Once agent is installed it connects to the On Demand organization.

5	Configure the agent specifying the actions it can perform and domains with which it works.

To add an agent

1	Log in to On Demand using the credentials you used to sign up for On Demand.

2	In the navigation panel on the left, click Tenants.

3	Click Hybrid Agents.

4	Click Add Agent,

When you click Add Agent, the How to Add an Agent page is displayed. You must create a passphrase that will be used when you install the agent.

5	To create a passphrase, use one of the following options:

•	Click Generate New to get a new passphrase.

•	Enter a passphrase manually. The passphrase can be from 4 to 100 words (32 to 1024 characters long).

•	Edit a displayed passphrase to make it more complex (such as adding numbers or characters).

•	Enter a passphrase word count (from 4 to 100 words) and click Generate New to get a passphrase of the specified word count. NOTE: The passphrase must be from 32 to 1024 characters long.

6	When you decide to use the displayed passphrase, click Copy and Continue.

The passphrase is copied to your clipboard. Ideally, you should paste it into a Notepad or Word document to keep for future reference.

7	Once the installation package is ready, click Download.

The agent package with a unique key is downloaded to your computer.

 

IMPORTANT: You must install the agent within 10 days or the unique key will expire. Also, you cannot re-use an agent package, even if you have removed the agent from a previous installation. You must download and install a separate agent on each server.

8	Copy the agent package to the server and double-click the AgentSetup.exe file.

The installer is packaged as a self-extracting executable. If you run the installer without arguments, it prompts you for the required installation parameters, including the folder where the agent should be installed. You also are asked for the passphrase that was copied to your clipboard.

For information about the available arguments, see Installing the agent using the command shell .

 

IMPORTANT: The maximum number of agents is limited to 10 per organization. If you need a higher number of agents, contact Quest Support.

9	In the command line console, enter the following information in response to the prompts:

•	Agent installation path: The folder to which the agent files will be extracted. If you do not specify the path, the default path is set to C:\QuestAgent.

•	Enter Y when you are prompted to install Quest On Demand On-Premises Agent.

•	Agent name - optional. If you do not specify an agent name, the NETBIOS name of the computer is used.

•

Credentials (user name and password) of the account that is used to run the agent service. The account specified must be a domain account and must have local administrator rights on the computer where the agent is being installed. Other required rights depend on the modules with which the agent will be used.

•	Passphrase - The generated passphrase that you generated on the How to Add an Agent page.

About agent installation

Depending on your browser and the download options that you configured, when you click Download, the AgentSetup.exe file is downloaded to the location you specify. In most cases the AgentSetup.exe file is downloaded to your Downloads folder.

The setup program is a console application. If you double-click the AgentSetup.exe file, a console window is opened and you are prompted for information such as installation folder and service user name and password. Optionally, you can open a command shell and manually execute the installer from the command line which allows you to specify arguments

The file name of the downloaded file is AgentSetup.exe. The installer is packaged as a self-extracting executable. If you run the installer without arguments, it prompts you for all required installation parameters, including the folder where the agent should be installed.

You can run the AgentSetup.exe from any directory (as long as you run the program on the computer on which it is to be installed). The self-extracting executable prompts you for the folder to which the agent files will be extracted. The self-extracting installation package extracts the files to the specified target folder and runs the setup program (Setup.exe) from the target folder.

Once an agent installation package is used to install the agent on a computer, you cannot use the same package to install the agent on another computer.

 

IMPORTANT: The installation key included in the installer is a unique one-time key that cannot be used again to install the agent elsewhere, even if you uninstall the agent from the current computer.

After you have installed the agent, it is recommended that you delete the file containing the passphrase (if you saved it to a file) and the downloaded agent installation package. However, do not delete the AgentSetup.exe file that was extracted.

•  Previous
• Viewing Topics 45 - 48 of 90
• Next 

Search this document Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2023 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center