Replicate Users and Predefined Role Assignments
The scripts in this section helps you migrate users and predefined role assignments of an environment to another.
About the Scripts
You use two distinct scripts: one to replicate users across identity domains and another to replicate predefined role assignments of the users. The order for running these scripts is as follows:
- Run the script for replicating users (
replicateusers
) and verify that all users are created in the target identity domain. The user running this script must have the Identity Domain Administrator and Service Administrator roles in both environments. - Run the script for replicating role assignments (
replicatepredefinedroles
).
Note:
- If the passwords contain special characters, see Handling Special Characters
- The scripts in this section work only for predefined roles: Service Administrator, Power User, User, and Viewer.
Running the Scripts
For information on creating the required scrips and batch files, see these topics:- Replicating the Users of One Identity Domain in Another
- Replicating Predefined Role Assignments from One Environment to Another
Windows Steps
- Create
replicateusers.bat
,replicateusers.ps1
,replicatepredefinedroles.bat
, andreplicatepredefinedroles.ps1
and save them in a local directory in which you have write and execute privileges. - Update the batch files with information for the source and target environments, and internet proxy server, if needed.
- Run
replicateusers.bat
, which executesreplicateusers.ps1
. You must specify the default password to be assigned to replicated users as a command line parameter as follows:replicateusers.bat Pwd_for_users
If the password contains special characters, be sure to use the appropriate escape character. See Handling Special Characters.
- Run
replicatepredefinedroles.bat
to create role assignments identical to those that exist in the source environment.
Linux/UNIX Steps
- Create the
replicateusers.sh
andreplicatepredefinedroles.sh
scripts and save them in a local directory in which you have write and execute privileges. - Update
replicateusers.sh
andreplicatepredefinedroles.sh
with information for the source and target environments, and internet proxy server, if needed. - Run
replicateusers.sh
. You must specify the default password to be assigned to replicated users as a command line parameter as follows:./replicateusers.sh Pwd_for_users
If the password contains special characters, be sure to use the appropriate escape character. See Handling Special Characters.
- Run
replicatepredefinedroles.sh
script to create role assignments identical to those that exist in the source environment.