Replicating the Users of One Identity Domain in Another

Use the scripts in this section to clone users of one identity domain to another identity domain. The user running these scripts must have the Identity Domain Administrator and Service Administrator roles in the source and target environments.

Windows

Create replicateusers.bat and replicateusers.ps1 by copying the scripts in this section.

1. Create replicateusers.ps1 by copying this script:

   # Replicate users script
   
   param(
     [string]$epmusersource,
     [string]$epmpwdsource,
     [string]$epmurlsource,
     [string]$epmidentitydomainsource,
     [string]$epmusertarget,
     [string]$epmpwdtarget,
     [string]$epmurltarget,
     [string]$epmidentitydomaintarget,
     [string]$proxyserverusername,
     [string]$proxyserverpassword,
     [string]$proxyserverdomain,
     [string]$userpassword,
     [string]$resetpassword,
     [string]$emailtoaddress
   )
   
   $roleassignmentreport="roleassignmentreport.csv"
   $usersreport="users.csv"
   
   echo "Replicate users script started"
   
   
   # delete existing reports
   $roleassignmentreportexists=Test-Path $roleassignmentreport
   if ($roleassignmentreportexists) {
       rm $roleassignmentreport 2>&1 | out-null
   }
   
   $usersreportexists=Test-Path $usersreport
   if ($usersreportexists) {
       rm $usersreport 2>&1 | out-null
   }
   
   # epmautomate login Source App as an IDM Admin
   echo "Logging into source application at ${epmurlsource}"
   epmautomate login ${epmusersource} ${epmpwdsource} ${epmurlsource} ${epmidentitydomainsource} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
   echo "Creating role assignment report: ${roleassignmentreport}"
   epmautomate roleAssignmentReport ${roleassignmentreport}
   if (${emailtoaddress} -match "@") {
       epmautomate.bat sendMail $emailtoaddress "Role assignment report" Body="Role assignment report is attached." Attachments=$roleassignmentreport}
   echo "Downloading role assignment report"
   epmautomate downloadfile ${roleassignmentreport}
   epmautomate deletefile ${roleassignmentreport}
   epmautomate logout
   
   # Create users report
   Get-Content ${roleassignmentreport} | ForEach-Object {
       $user=$_.split(',')[0]
       $firstname=$_.split(',')[1]
       $lastname=$_.split(',')[2]
       $email=$_.split(',')[3]
   
       if ($firstname -eq "First Name") {
           return
       } else {
           echo "${firstname},${lastname},${email},${user}" >> ${usersreport}
       }
   
   }
   
   Get-Content -Path "${usersreport}" | Sort-Object -Unique > "${usersreport}.tmp"
   mv -Force "${usersreport}.tmp" "${usersreport}"
   $userheader="First Name,Last Name,Email,User Login"
   "${userheader}`r`n" + (Get-Content $usersreport -Raw) | Set-Content $usersreport
   
   # epmautomate login Target App as an IDM Admin
   echo "Logging into target application at ${epmurltarget}"
   epmautomate login ${epmusertarget} ${epmpwdtarget} ${epmurltarget} ${epmidentitydomaintarget} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
   epmautomate deletefile ${usersreport} | Out-Null
   echo "Uploading file ${usersreport}"
   epmautomate uploadfile ${usersreport}
   echo "Adding users"
   epmautomate addUsers ${usersreport} userPassword=${userpassword} resetPassword=${resetpassword}
   epmautomate deletefile ${usersreport}
   epmautomate logout
   rm deletefile*.log | Out-Null
   echo "Replicate users script completed"
   

2. Create replicateusers.bat by copying this script:

   @ECHO OFF
   SET thisdir=%~dp0
   SET scriptpath=%thisdir%replicateusers.ps1
   SET paramRequiredMessage=Syntax: replicateusers.bat "USER_PASSWORD"
   
   REM USER DEFINED VARIABLES
   REM -----------------------
   set epmusersource="<EPM USER FOR SOURCE ENVIRONMENT>"
   set epmpwdsource="<EPM PASSWORD FOR SOURCE ENVIRONMENT>"
   set epmurlsource="<EPM URL FOR SOURCE ENVIRONMENT>"
   set epmidentitydomainsource="<EPM IDENTITY DOMAIN FOR SOURCE ENVIRONMENT>"
   set epmusertarget="<EPM USER FOR TARGET ENVIRONMENT>"
   set epmpwdtarget="<EPM PASSWORD FOR TARGET ENVIRONMENT>"
   set epmurltarget="<EPM URL FOR TARGET ENVIRONMENT>"
   set epmidentitydomaintarget="<EPM IDENTITY DOMAIN FOR TARGET ENVIRONMENT>"
   set proxyserverusername="<PROXY SERVER USER NAME>"
   set proxyserverpassword="<PROXY SERVER PASSWORD>"
   set proxyserverdomain="<PROXY SERVER DOMAIN>"
   set resetpassword=false
   set emailtoaddress="<EMAIL_TO_ADDRESS>"
   REM -----------------------
   
   if "%~1" == "" (
           echo USER_PASSWORD is missing. This is used to set the default password for the replicated users.
           echo %paramRequiredMessage%
           exit /b 1
     )
   
   PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& '%scriptpath%' -epmusersource '%epmusersource%' -epmpwdsource '%epmpwdsource%' -epmurlsource '%epmurlsource%' -epmidentitydomainsource '%epmidentitydomainsource%' -epmusertarget '%epmusertarget%' -epmpwdtarget '%epmpwdtarget%' -epmurltarget '%epmurltarget%' -epmidentitydomaintarget '%epmidentitydomaintarget%' -proxyserverusername '%proxyserverusername%' -proxyserverpassword '%proxyserverpassword%' -proxyserverdomain '%proxyserverdomain%' -userpassword '%~1' -resetpassword '%resetpassword%' -emailtoaddress '%emailtoaddress%'"
   

3. Update replicateusers.bat. See the following table for the values you must specify.

   Parameter	Description
   epmusersource	User name of a user with Identity Domain Administrator and Service Administrator roles in the source environment. Examples: Windows: set epmusersource="jDoe" Linux/UNIX: epmusersource="jDoe"
   epmpwdsource	Password of the user or the absolute path of the encrypted password file. Examples: Windows: set epmpwdsource="Example" Linux/UNIX: epmpwdsource="Example"
   epmurlsource	URL of the environment from which users are to be copied. Examples: Windows: set epmurlsource="https://example.oraclecloud.com" Linux/UNIX: epmurlsource="https://example.oraclecloud.com"
   epmidentitydomainsource	Name of the identity domain used by the source environment. Examples: Windows: set epmidentitydomainsource="example_source_dom" Linux/UNIX: epmidentitydomainsource="example_source_dom"
   epmusertarget	User name of a user with Identity Domain Administrator and Service Administrator roles in the target environment. Examples: Windows: set epmusertarget="John.Doe" Linux/UNIX: set epmusertarget="John.Doe"
   epmpwdtarget	Password of the user or the absolute path of the encrypted password file. Examples: Windows: set epmpwdtarget="Example1" Linux/UNIX: epmpwdtarget="Example1"
   epmurltarget	URL of the environment in which users are to be created. Examples: Windows: set epmurltarget="https://example.oraclecloud.com" Linux/UNIX: epmurltarget="https://example.oraclecloud.com"
   epmidentitydomaintarget	Name of the identity domain used by the target environment. Examples: Windows: set epmidentitydomaintarget="example_source_dom" Linux/UNIX: epmidentitydomaintarget="example_target_dom"
   proxyserverusername	The user name to authenticate a secure session with the proxy server that controls access to the internet. Delete all occurrence of this property if not used. Examples: Windows: set proxyserverusername="Example" Linux/UNIX: proxyserverusername="Example"
   proxyserverpassword	The password to authenticate the user with the proxy server. Delete all occurrence of this property if not used. Examples: Windows: set proxyserverpassword="examplePwd" Linux/UNIX: proxyserverpassword="examplePwd"
   proxyserverdomain	The name of the domain defined for the proxy server. Delete all occurrence of this property if not used. Examples: Windows: set proxyserverdomain="exampleDom" Linux/UNIX: proxyserverdomain="exampleDom"
   emailtoaddress	Optionally, the email address to which the Role Assignment report is to be sent. The report is emailed only if this value is specified. Example: emailtoaddress=john.doe@example.com

Linux/UNIX

1. Create replicateusers.sh by copying the following script.

   #!/bin/sh
   
   userpassword="$1"
   
   # USER DEFINED VARIABLES
   #-----------------------
   javahome="<JAVA HOME>"
   epmautomatescript="<EPM AUTOMATE SCRIPT LOCATION>"
   epmusersource="<EPM USER FOR SOURCE ENVIRONMENT>"
   epmpwdsource="<EPM PASSWORD FOR SOURCE ENVIRONMENT>"
   epmurlsource="<EPM URL FOR SOURCE ENVIRONMENT>"
   epmidentitydomainsource="<EPM IDENTITY DOMAIN FOR SOURCE ENVIRONMENT>"
   epmusertarget="<EPM USER FOR TARGET ENVIRONMENT>"
   epmpwdtarget="<EPM PASSWORD FOR TARGET ENVIRONMENT>"
   epmurltarget="<EPM URL FOR TARGET ENVIRONMENT>"
   epmidentitydomaintarget="<EPM IDENTITY DOMAIN FOR TARGET ENVIRONMENT>"
   proxyserverusername="<PROXY SERVER USER NAME>"
   proxyserverpassword="<PROXY SERVER PASSWORD>"
   proxyserverdomain="<PROXY SERVER DOMAIN>"
   resetpassword="false"
   emailtoaddress="<EMAIL TO ADDRESS>"
   #-----------------------
   
   roleassignmentreport="roleassignmentreport.csv"
   usersreport="users.csv"
   paramrequiredmessage='Syntax: replicateusers.sh "USER_PASSWORD"'
   
   export JAVA_HOME=${javahome}
   
   if [ "${userpassword}" == "" ]
   then
       echo "USER_PASSWORD is missing. This is used to set the default password for the replicated users."
       echo "${paramrequiredmessage}"
       exit
   fi
   
   echo "Replicate users script started"
   
   # epmautomate login Source App as an IDM Admin
   echo "Logging into source application at ${epmurlsource}"
   ${epmautomatescript} login ${epmusersource} ${epmpwdsource} ${epmurlsource} ${epmidentitydomainsource} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
   echo "Creating role assignment report: ${roleassignmentreport}"
   ${epmautomatescript} roleAssignmentReport ${roleassignmentreport}
   if [[ "${emailtoaddress}" == *"@"* ]]
   then
       ${epmautomatescript} sendMail $emailtoaddress "Role assignment report" Body="Role assignment report is attached." Attachments=$roleassignmentreport
   fi
   echo "Downloading role assignment report"
   ${epmautomatescript} downloadfile ${roleassignmentreport}
   ${epmautomatescript} deletefile ${roleassignmentreport}
   ${epmautomatescript} logout
   
   awk -F, '{print $2","$3","$4","$1}' ${roleassignmentreport} | (read -r; printf "%s\n" "$REPLY"; sort -u) > ${usersreport}
   
   # epmautomate login Target App as an IDM Admin
   echo "Logging into target application at ${epmurltarget}"
   ${epmautomatescript} login ${epmusertarget} ${epmpwdtarget} ${epmurltarget} ${epmidentitydomaintarget} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
   ${epmautomatescript} deletefile ${usersreport} > /dev/null 2>&1
   echo "Uploading file ${usersreport}"
   ${epmautomatescript} uploadfile ${usersreport}
   echo "Adding users"
   ${epmautomatescript} addUsers ${usersreport} userPassword=${userpassword} resetPassword=${resetpassword}
   ${epmautomatescript} deletefile ${usersreport}
   ${epmautomatescript} logout
   rm deletefile*.log > /dev/null 2>&1
   
   echo "Replicate users script completed"
   

2. Update replicateusers.sh. See the preceding table for information on the values you must specify. Additionally, you must specify the values for these properties:
   • javahome: the absolute path to the directory where Java is installed.
   • epmautomatescript: Location of epmautomatescript.sh; for example, epmautomatescript="/home/user1/epmautomate/bin/epmautomate.sh"