This command can be used to move a user and/or tokens to a new security domain. The command can move all users or individual users by default login. Optionally, all tokens, assigned token or no tokens can be moved to the new security domain.
If Security Domain and Identity Source are not provided, then the default identity source (Internal Database) and the default security domain (System Domain) will be used.
DefLogin: If DefLogin contains an entry, that specific user account will be moved. If Deflogin contains the value "<all>" (without the quotes) all user accounts will be moved to the DestinationSecurityDomain. Case is not significant for <all>.
DestinationSecurityDomain: This variable is used to declare the security domain to move the user account to and it must already exist in the Authentication Manager database.
Logon with the rsaadmin account and enter the rsaadmin password when prompted
Copy the file to the Authentication Manager directory.
Run the file using the command used in the /opt/rsa/am/utils directory:
./rsautil AMBulkAdmin -i <filename>.csv -a [superadmin] -P ‘[password]’
The command shown here changes the users domain from SystemDomain to new domain created from the Security Console.
Change the security domain to a new security domain
There is an optional field called SecurityDomain that has a default value of SystemDomain. Because that is the default value for the field, so in this case you do not need to include it when moving users from SystemDomain to another security domain.
After running the AMBulkAdmin utility, the security domain shown in the Security Console has changed to newsubdomain:
Change the security domain to the SystemDomain
This example changes the users domain back to the SystemDomain, which is the default domain.
The value of the current domain must be specified in the .txt or .csv file, as the default value of this header will be SystemDomain. If the value is not specified, the function will not work because the system will read the file as moving the users from SystemDomain to SystemDomain.
As shown here, the security domain has changed from newsubdomain back to SystemDomain:
To move the token and user to a different security domain add the field MiscVariable to the function, as defined below:
MiscVariable This option is used to control weather or not tokens will be moved. The possible values for MiscVariable are: IfDefLogin contains a userID: 0 - Move tokens assigned to specific user 1 - Do not move any tokens assigned to the specific user.