000029914 - Move RSA Authentication Manager 8.1 users from the internal database to an external identity source along with their group membership

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4

Article Content

Article Number: 000029914
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
Platform (Other): Microsoft Active Directory 2008R2 and higher

Issue
Knowledge base article 000026361 provides information on migrating Authentication Manager 8.1 users from the internal database to an external identity source, such as Active Directory. With that solution, however, user group membership is not copied because the groups are not migrated. This causes the users to be removed from their groups.

Tasks
To have users retain their group membership, do the following:
1.  Follow article 000026361 to move users to the new identity source.
2.  From Reporting > Reports > Add New, click the context arrow next to the report named All Users and choose Select.

  • On the reporting page name the report. 
  • For output columns change the Show in Report options to have only UserID and Member of User Groups.
  • Set up the Input Parameter Values options.
  • Click Save.
  • On the Report Page, click the arrow next to the report name and choose Run Report Job Now.
  • Click Run Report.
  • When the status is listed as Complete, go to the Completed tab, and click on the down arrow for the report.
  • Choose Download CSV file.
3.  Launch Active Directory.
4.  Create the RSA groups seen in the Security Console as security groups in AD.
5.  Create a script file named script.ps1 with the text below and save it on the desktop:

Import-Module ActiveDirectory
# Add each user in Users.csv to the AD security group named in the same row
Import-Csv "C:\Scripts\Users.csv" | ForEach-Object {
    Add-ADGroupMember -Identity $_.MemberofUserGroups -Members $_.UserID
}

Resolution
1.  Open the .csv file with Excel.
2.  Filter the Member of User Groups column and remove the entries listed as <unavailable>.
3.  Copy both columns and paste them in a new spreadsheet.
4.  Create a directory on C:\ named Scripts.
5.  Save the new spreadsheet as Users.csv in the C:\Scripts directory.
6.  Open Users.csv and remove all headers other than User ID and Member of User Groups.
7.  Change User ID to UserID and Member of User Groups to MemberofUserGroups.
8.  Filter the MemberofUserGroups field and uncheck the <unavailable> field.  When done, the file should look like the sample below:

[Image: sample Users.csv]
9.  Open Windows PowerShell and type the following to run the script created above:
cd .\Desktop
.\script.ps1

10.  When the script finishes, go to Active Directory Users and Computers.  The users are now members in their corresponding security groups.
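
A validated variant of the script from step 5, added here as an example (it is not RSA's script): it resolves each user and group in AD before changing anything, skips `<unavailable>` rows, honors `-WhatIf` for a dry run, and writes a per-row result file for audit. It assumes Users.csv was prepared as in Resolution steps 1-8 with one group name per row; the results file path is a hypothetical name.

```powershell
# Added example: validated, auditable variant of script.ps1 (not RSA's script).
# Assumes C:\Scripts\Users.csv has the UserID and MemberofUserGroups columns
# produced by the steps above, with one group name per row.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$CsvPath = 'C:\Scripts\Users.csv',
    [string]$LogPath = 'C:\Scripts\GroupImport-Results.csv'   # hypothetical output path
)

Import-Module ActiveDirectory -ErrorAction Stop

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $user   = "$($row.UserID)".Trim()
    $group  = "$($row.MemberofUserGroups)".Trim()
    $status = 'Added'

    if (-not $user -or -not $group -or $group -eq '<unavailable>') {
        $status = 'Skipped: no user or group'
    }
    else {
        try {
            # Resolve both objects first so a mistyped name never reaches Add-ADGroupMember.
            $adUser  = Get-ADUser  -Identity $user  -ErrorAction Stop
            $adGroup = Get-ADGroup -Identity $group -ErrorAction Stop
            if ($adGroup.GroupCategory -ne 'Security') {
                $status = 'Skipped: not a security group'
            }
            elseif ($PSCmdlet.ShouldProcess($adGroup.DistinguishedName, "Add $($adUser.SamAccountName)")) {
                Add-ADGroupMember -Identity $adGroup -Members $adUser -ErrorAction Stop
            }
            else {
                $status = 'WhatIf: not changed'
            }
        }
        catch {
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ UserID = $user; Group = $group; Status = $status }
}

# Keep a record of what was added, skipped or failed, even during a -WhatIf run.
$results | Export-Csv -Path $LogPath -NoTypeInformation -WhatIf:$false
$results | Group-Object Status | Select-Object Count, Name
```

Run it once with `-WhatIf` and review the results file before running it for real.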