Move RSA Authentication Manager 8.1 users from the internal database to an external identity source along with their group membership
3 years ago
Originally Published: 2015-03-27
Article Number
000047173
Applies To
RSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager
RSA Version/Condition:  8.1
Platform (Other): Microsoft Active Directory 2008R2 and higher .

 
Issue
Knowledge base article 000026361 provides information on migrating Authentication Manager 8.1 users from the internal database to an external identity source, such as Active Directory but with that solution user group membership is not copied since the groups are not migrated,  This causes the users to be removed from their groups.
Tasks
To have users retain their group membership, do the following:
1.  Follow article 000026361 to move users to the new identity source.
2.  From Reporting > Reports > Add New, click on the context arrow next to the report named All Users and choose Select
  • On the reporting page name the report. 
  • For output columns change the Show in Report options to have only UserID and Member of User Groups.
  • Set up the Input Parameter Values options.
  • C lick Save.
  • On the Report Page, click the arrow next to the report name and choose Run Report Job Now.
  • Click Run Report.
  • When the status is listed as Complete, go to the Completed tab, and click on the down arrow for the report.
  • Choose Download CSV file. 
3.  Launch Active Directory
4.  Create the RSA groups seen in the Security Console as security groups on the AD.
5.  Create a script file named as script.ps1 with the text below and save it on the desktop:
Import-module ActiveDirectory
Import-CSV "C:\Scripts\Users.csv" | % { 
Add-ADGroupMember -Identity $_.MemberofUserGroups -Member $_.UserID
}
Resolution
1.  Open the .csv file with Excel.
2.  Filter the Member of User Groups column and remove the entries listed as <unavailable>.
3.  Copy both columns and paste them in a new spreadsheet.
4.  Create a directory on C:\ named Scripts.
5.  Save the new spreadsheet as Users.csv in the C:\Scripts directory.
6.  Open Users.csv and remove all headers other than User ID and Member of User Groups.
7.  Change User ID to UserID and Member of User Groups to MemberofUserGroups.
8.  Filter the MemberofUserGroups field and uncheck the <unavailable> field.  When done, the file should look like the sample below:

User-added image

9.  Open Windows PowerShell and type the following to run the script created above: 
cd .\Desktop 
.\script.ps1
10.  When the script finishes, go to Active Directory Users and Computers.  The users are now members in their corresponding security groups.

Related Articles

Trending Articles

Don't see what you're looking for?