Move RSA Authentication Manager 8.1 users from the internal database to an external identity source along with their group membership
Originally Published: 2015-03-27
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
Platform (Other): Microsoft Active Directory 2008R2 and higher .
Issue
Tasks
1. Follow article 000026361 to move users to the new identity source.
2. From Reporting > Reports > Add New, click on the context arrow next to the report named All Users and choose Select.
2. From Reporting > Reports > Add New, click on the context arrow next to the report named All Users and choose Select.
- On the reporting page name the report.
- For output columns change the Show in Report options to have only UserID and Member of User Groups.
- Set up the Input Parameter Values options.
- Click Save.
- On the Report Page, click the arrow next to the report name and choose Run Report Job Now.
- Click Run Report.
- When the status is listed as Complete, go to the Completed tab, and click on the down arrow for the report.
- Choose Download CSV file.
3. Launch Active Directory
4. Create the RSA groups seen in the Security Console as security groups on the AD.
5. Create a script file named as script.ps1 with the text below and save it on the desktop:
4. Create the RSA groups seen in the Security Console as security groups on the AD.
5. Create a script file named as script.ps1 with the text below and save it on the desktop:
Import-module ActiveDirectory
Import-CSV "C:\Scripts\Users.csv" | % {
Add-ADGroupMember -Identity $_.MemberofUserGroups -Member $_.UserID
}Resolution
2. Filter the Member of User Groups column and remove the entries listed as <unavailable>.
3. Copy both columns and paste them in a new spreadsheet.
4. Create a directory on C:\ named Scripts.
5. Save the new spreadsheet as Users.csv in the C:\Scripts directory.
6. Open Users.csv and remove all headers other than User ID and Member of User Groups.
7. Change User ID to UserID and Member of User Groups to MemberofUserGroups.
8. Filter the MemberofUserGroups field and uncheck the <unavailable> field. When done, the file should look like the sample below:
9. Open Windows PowerShell and type the following to run the script created above:
cd .\Desktop .\script.ps110. When the script finishes, go to Active Directory Users and Computers. The users are now members in their corresponding security groups.
