AddAuditServerAccount method
Adds a management database account to the list of accounts allowed to access this audit store database.
Syntax
void AddAuditServerAccount(
string userName,
bool isWindowsAccount
)
Parameters
Specify the following parameters when using this method.
Parameter | Description |
username |
The user name of the management database account you want to add. If the account is a Windows system account, use the Windows domain account name for this parameter. |
bool |
Set to true if the account you’re adding is a Windows system or domain account; otherwise, false. |
Errors
The AddAuditServerAccount
method may throw one of the following exceptions:
Centrify.DirectAudit.Common.Logic.AuthenticationException
if you do not have permission to connect to the Microsoft SQL Server instance or the management database.Centrify.DirectAudit.Common.Logic.ConnectDatabaseException
if you cannot connect to the Microsoft SQL Server instance either because the Microsoft SQL Server instance is not running and does not allow remote connections.Centrify.DirectAudit.Common.Logic.UnauthorizedException
if you do not have the Manage SQL Login permission on the audit store.
Discussion
When you attach a new database to the audit store, you must set the database to allow access by the management database account. If the management database account is a Windows system account, you must explicitly specify the Windows domain account name in the username
parameter. For other Windows accounts and for SQL accounts, you can pass the management database’s Account.UserName
property to this method as the user name.
Example
The following code sample first checks each account to see if it’s a Windows system account. If the installation does not use a system account, the code passes the Account.UserName
property to the AddAuditServerAccount
method as the user name. If the installation uses a system account, it passes the Windows domain account name instead.
... ' Grant permission to management database to access the audit store database SET objAuditServers = objInstallation.AuditServers FOR EACH objAuditServer IN objAuditServers SET objAuditServerAccount = objAuditServer.OutgoingAccount IF NOT objAuditServerAccount.IsSystemAccount THEN objAuditStoreDatabase.AddAuditServerAccount & _ objAuditServerAccount.UserName, & _ objAuditServerAccount.IsWindowsAccount wscript.echo "Added management database account '" & objAuditServerAccount.UserName & "'." ELSE 'Add management database accounts for those management databases running in ' system account; e.g. NT Authority/Network Service ' DIM strAuditServerAccount DIM isAuditServerWindowsAccount isAuditServerWindowsAccount = true strAuditServerAccount = "DOMAIN\MACHINE$" objAuditStoreDatabase.AddAuditServerAccount strAuditServerAccount, & _ isAuditServerWindowsAccount wscript.echo "Added management database account '" & strAuditServerAccount & "'." END IF NEXT