Move RSA Authentication Manager 8.1 users from the internal database to an external identity source along with their group membership
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
Platform (Other): Microsoft Active Directory 2008R2 and higher
Knowledge base article 000026361 provides information on migrating Authentication Manager 8.1 users from the internal database to an external identity source, such as Active Directory. With that solution, however, user group membership is not copied, since the groups are not migrated. This causes the users to be removed from their groups.
To have users retain their group membership, do the following:
1. Follow article 000026361 to move users to the new identity source.
2. From Reporting > Reports > Add New, click on the context arrow next to the report named All Users and choose Select.
On the reporting page name the report.
For output columns change the Show in Report options to have only UserID and Member of User Groups.
Set up the Input Parameter Values options.
On the Report Page, click the arrow next to the report name and choose Run Report Job Now.
Click Run Report.
When the status is listed as Complete, go to the Completed tab, and click on the down arrow for the report.
Choose Download CSV file.
3. Launch Active Directory.
4. Create the RSA groups seen in the Security Console as security groups in AD.
5. Create a script file named script.ps1 with the text below and save it on the desktop:
1. Open the .csv file with Excel.
2. Filter the Member of User Groups column and remove the entries listed as <unavailable>.
3. Copy both columns and paste them in a new spreadsheet.
4. Create a directory on C:\ named Scripts.
5. Save the new spreadsheet as Users.csv in the C:\Scripts directory.
6. Open Users.csv and remove all headers other than User ID and Member of User Groups.
7. Change User ID to UserID and Member of User Groups to MemberofUserGroups.
8. Filter the MemberofUserGroups field and uncheck the <unavailable> field.
When done, the file should look like the sample below:
9. Open Windows PowerShell and type the following to run the script created above:
10. When the script finishes, go to Active Directory Users and Computers. The users are now members in their corresponding security groups.
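One way to write the import that the steps above describe, as an added example and not the script from the RSA article: it reads C:\Scripts\Users.csv, confirms each user and group exists in AD before changing anything, and logs every result. It assumes the ActiveDirectory PowerShell module is available, that UserID matches the AD sAMAccountName, and that multiple groups in one cell are separated by a semicolon; the delimiter and log path are hypothetical parameters.

```powershell
# Added example, not RSA's script. Assumptions: RSAT ActiveDirectory module installed,
# UserID equals sAMAccountName, groups in one cell are separated by $Delimiter.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$CsvPath   = 'C:\Scripts\Users.csv',
    [string]$Delimiter = ';',                            # assumed separator
    [string]$LogPath   = 'C:\Scripts\GroupImport.log'    # hypothetical log file
)

Import-Module ActiveDirectory -ErrorAction Stop

function Write-Log([string]$Message) {
    # -WhatIf:$false keeps the audit log written even during a dry run.
    "{0}  {1}" -f (Get-Date -Format s), $Message |
        Add-Content -Path $LogPath -WhatIf:$false
}

foreach ($row in Import-Csv -Path $CsvPath) {
    $userId = "$($row.UserID)".Trim()
    if (-not $userId) { continue }

    # Resolve the account first; -Identity avoids building a filter string from CSV data.
    try { $user = Get-ADUser -Identity $userId -ErrorAction Stop }
    catch { Write-Log "SKIP user not found: $userId"; continue }

    $groups = "$($row.MemberofUserGroups)" -split [regex]::Escape($Delimiter) |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -ne '<unavailable>' }

    foreach ($name in $groups) {
        # Only add to groups that were created in AD beforehand; never create one here.
        try { $group = Get-ADGroup -Identity $name -ErrorAction Stop }
        catch { Write-Log "SKIP group not found: $name (user $userId)"; continue }

        if ($PSCmdlet.ShouldProcess($name, "Add member $userId")) {
            try {
                Add-ADGroupMember -Identity $group -Members $user -ErrorAction Stop
                Write-Log "ADDED $userId -> $name"
            } catch {
                Write-Log "FAIL $userId -> $name : $($_.Exception.Message)"
            }
        }
    }
}
```

Running it with -WhatIf first lists the memberships that would be added without changing the directory. Review the log afterwards, since each added membership grants whatever access the AD security group carries.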