Existing RSA setup is having tokens with users for ab.com domain.
now ab.com domain Identity Source is linked with new RSA setup and users are present but don't have token.
is it possible that we can assign same token in the target setup for the users for which token is already assigned in existing RSA setup?
the tokens are already assigned to the users in ab.com domain.
will export user with tokens release the token from users in existing domain so that they can be assigned to the users in the new setup where domain is same.?
i don't want to delete the directory for now, later it can be removed.
then what will be the process for assigning same token to the users in target setup?
and while assigning the token ;error says:
"There was a problem processing your request.
cannot add or manage a user with user ID{0}. user IDs must be unique within a deployment. This user ID is already in use."
we are having 2 identity sources in same RSA setup, different domain, userid mapped to samAccountName in both IS and want to migrate users and tokens from one domain to other.
i searched for the user , it is appearing 2 times but domains are different. in 1 domain we have disabled user , in new domain it is active but while assigning token we are getting above error.
if i want to avoid this error for other user migration what will be the process?
You need the original Identity Source UserId to disappear or not be seen, either deleted or moved in the directory to be out of scope. That is so you do not have duplicate UserIDs.
so if i delete the user from the old domain, then i should be able to assign token to the user in new domain, right?
if i delete user from rsa , will it be deleted from AD too?
i have to migrate other users as well, what i should do to avoid this issue.
so if i delete the user from the old domain, then i should be able to assign token to the user in new domain, right?
Yes but before that the user association of the token needs cleanup, so the Clean Up Unresolvable Users is a must.
if i delete user from rsa , will it be deleted from AD too?
No.
is it possible to delete the user from RSA which is coming from external AD?
You'd have to delete that user in AD, since the only reason this user shows in AM is through the external LDAP Identity Source (AD). It's a read-only connection - except for AD passwords if you use LDAPS
The association of the token with the userid happens in the RSA database, not in AD.
If the userid's and first/last name are the same, then one option is to use import/export users and tokens, and import to the new system. Or just import/export the tokens only, and assign them manually.