Replicating the Users of One Identity Domain in Another

Use the scripts in this section to clone users of one identity domain to another identity domain. The user running these scripts must have the Identity Domain Administrator and Service Administrator roles in the source and target environments.

Windows

Create replicateusers.bat and replicateusers.ps1 by copying the scripts in this section.

  1. Create replicateusers.ps1 by copying this script:

    # Replicate users script
    $inputproperties = ConvertFrom-StringData(Get-Content ./input.properties -raw)
    $epmusersource="$($inputproperties.epmusersource)"
    $epmpwdsource="$($inputproperties.epmpwdsource)"
    $epmurlsource="$($inputproperties.epmurlsource)"
    $epmidentitydomainsource="$($inputproperties.epmidentitydomainsource)"
    $epmusertarget="$($inputproperties.epmusertarget)"
    $epmpwdtarget="$($inputproperties.epmpwdtarget)"
    $epmurltarget="$($inputproperties.epmurltarget)"
    $epmidentitydomaintarget="$($inputproperties.epmidentitydomaintarget)"
    $proxyserverusername="$($inputproperties.proxyserverusername)"
    $proxyserverpassword="$($inputproperties.proxyserverpassword)"
    $proxyserverdomain="$($inputproperties.proxyserverdomain)"
    $userpassword="$($inputproperties.userpassword)"
    $resetpassword="$($inputproperties.resetpassword)"
    $emailtoaddress="$($inputproperties.emailtoaddress)"
    
    $roleassignmentreport="roleassignmentreport.csv"
    $usersreport="users.csv"
    
    echo "Replicate users script started"
    # delete existing reports
    $roleassignmentreportexists=Test-Path $roleassignmentreport
    if ($roleassignmentreportexists) {
        rm $roleassignmentreport 2>&1 | out-null
    }
    $usersreportexists=Test-Path $usersreport
    if ($usersreportexists) {
        rm $usersreport 2>&1 | out-null
    }
    # epmautomate login Source App as an IDM Admin
    echo "Logging into source application at ${epmurlsource}"
    epmautomate login ${epmusersource} ${epmpwdsource} ${epmurlsource} ${epmidentitydomainsource} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
    echo "Creating role assignment report: ${roleassignmentreport}"
    epmautomate roleAssignmentReport ${roleassignmentreport}
    if (${emailtoaddress} -match "@") {
        epmautomate.bat sendMail $emailtoaddress "Role assignment report" Body="Role assignment report is attached." Attachments=$roleassignmentreport
    }
    echo "Downloading role assignment report"
    epmautomate downloadfile ${roleassignmentreport}
    epmautomate deletefile ${roleassignmentreport}
    epmautomate logout
    # Create users report
    Get-Content ${roleassignmentreport} | ForEach-Object {
        $user=$_.split(',')[0]
        $firstname=$_.split(',')[1]
        $lastname=$_.split(',')[2]
        $email=$_.split(',')[3]
    
        if ($firstname -eq "First Name") {
            return
        } else {
            echo "${firstname},${lastname},${email},${user}" >> ${usersreport}
        }
    }
    Get-Content -Path "${usersreport}" | Sort-Object -Unique > "${usersreport}.tmp"
    mv -Force "${usersreport}.tmp" "${usersreport}"
    $userheader="First Name,Last Name,Email,User Login"
    "${userheader}`r`n" + (Get-Content $usersreport -Raw) | Set-Content $usersreport
    # epmautomate login Target App as an IDM Admin
    echo "Logging into target application at ${epmurltarget}"
    epmautomate login ${epmusertarget} ${epmpwdtarget} ${epmurltarget} ${epmidentitydomaintarget} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
    epmautomate deletefile ${usersreport} | Out-Null
    echo "Uploading file ${usersreport}"
    epmautomate uploadfile ${usersreport}
    echo "Adding users"
    epmautomate addUsers ${usersreport} userPassword=${userpassword} resetPassword=${resetpassword}
    epmautomate deletefile ${usersreport}
    epmautomate logout
    rm deletefile*.log | Out-Null
    echo "Replicate users script completed"
    
  2. Create the input.properties file by copying this script:
    epmusersource=EPM USER FOR SOURCE ENVIRONMENT
    epmpwdsource=EPM PASSWORD FILE FOR SOURCE ENVIRONMENT
    epmurlsource=EPM URL FOR SOURCE ENVIRONMENT
    epmidentitydomainsource=EPM IDENTITY DOMAIN FOR SOURCE ENVIRONMENT
    epmusertarget=EPM USER FOR TARGET ENVIRONMENT
    epmpwdtarget=EPM PASSWORD FILE FOR TARGET ENVIRONMENT
    epmurltarget=EPM URL FOR TARGET ENVIRONMENT
    epmidentitydomaintarget=EPM IDENTITY DOMAIN FOR TARGET ENVIRONMENT
    proxyserverusername=PROXY SERVER USER NAME
    proxyserverpassword=PROXY SERVER PASSWORD FILE
    proxyserverdomain=PROXY SERVER DOMAIN
    userpassword=DEFAULT PASSWORD FOR REPLICATED USERS
    resetpassword=false
    emailtoaddress=EMAIL_TO_ADDRESS
  3. Update input.properties. See the following table for the values you must specify.
    Parameter: Description

    epmusersource: User name of a user with Identity Domain Administrator and Service Administrator roles in the source environment.

        Examples:
        Windows: set epmusersource="jDoe"
        Linux/UNIX: epmusersource="jDoe"

    epmpwdsource: Password of the user or the absolute path of the encrypted password file.

        Examples:
        Windows: set epmpwdsource="Example"
        Linux/UNIX: epmpwdsource="Example"

    epmurlsource: URL of the environment from which users are to be copied.

        Examples:
        Windows: set epmurlsource="https://example.oraclecloud.com"
        Linux/UNIX: epmurlsource="https://example.oraclecloud.com"

    epmidentitydomainsource: Name of the identity domain used by the source environment.

        Examples:
        Windows: set epmidentitydomainsource="example_source_dom"
        Linux/UNIX: epmidentitydomainsource="example_source_dom"

    epmusertarget: User name of a user with Identity Domain Administrator and Service Administrator roles in the target environment.

        Examples:
        Windows: set epmusertarget="John.Doe"
        Linux/UNIX: epmusertarget="John.Doe"

    epmpwdtarget: Password of the user or the absolute path of the encrypted password file.

        Examples:
        Windows: set epmpwdtarget="Example1"
        Linux/UNIX: epmpwdtarget="Example1"

    epmurltarget: URL of the environment in which users are to be created.

        Examples:
        Windows: set epmurltarget="https://example.oraclecloud.com"
        Linux/UNIX: epmurltarget="https://example.oraclecloud.com"

    epmidentitydomaintarget: Name of the identity domain used by the target environment.

        Examples:
        Windows: set epmidentitydomaintarget="example_target_dom"
        Linux/UNIX: epmidentitydomaintarget="example_target_dom"

    proxyserverusername: The user name to authenticate a secure session with the proxy server that controls access to the internet. Delete all occurrences of this property if not used.

        Examples:
        Windows: set proxyserverusername="Example"
        Linux/UNIX: proxyserverusername="Example"

    proxyserverpassword: The password to authenticate the user with the proxy server. Delete all occurrences of this property if not used.

        Examples:
        Windows: set proxyserverpassword="examplePwd"
        Linux/UNIX: proxyserverpassword="examplePwd"

    proxyserverdomain: The name of the domain defined for the proxy server. Delete all occurrences of this property if not used.

        Examples:
        Windows: set proxyserverdomain="exampleDom"
        Linux/UNIX: proxyserverdomain="exampleDom"

    emailtoaddress: Optionally, the email address to which the Role Assignment report is to be sent. The report is emailed only if this value is specified.

        Example: emailtoaddress=john.doe@example.com

Linux/UNIX

  1. Create replicateusers.sh by copying the following script.
    #!/bin/bash
    . ./input.properties
    roleassignmentreport="roleassignmentreport.csv"
    usersreport="users.csv"
    paramrequiredmessage='Syntax: replicateusers.sh'
    export JAVA_HOME=${javahome}
    echo "Replicate users script started"
    # epmautomate login Source App as an IDM Admin
    echo "Logging into source application at ${epmurlsource}"
    ${epmautomatescript} login ${epmusersource} ${epmpwdsource} ${epmurlsource} ${epmidentitydomainsource} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
    echo "Creating role assignment report: ${roleassignmentreport}"
    ${epmautomatescript} roleAssignmentReport ${roleassignmentreport}
    if [[ "${emailtoaddress}" == *"@"* ]]
    then
        ${epmautomatescript} sendMail $emailtoaddress "Role assignment report" Body="Role assignment report is attached." Attachments=$roleassignmentreport
    fi
    echo "Downloading role assignment report"
    ${epmautomatescript} downloadfile ${roleassignmentreport}
    ${epmautomatescript} deletefile ${roleassignmentreport}
    ${epmautomatescript} logout
    
    awk -F, '{print $2","$3","$4","$1}' ${roleassignmentreport} | (read -r; printf "%s\n" "$REPLY"; sort -u) > ${usersreport}
    
    # epmautomate login Target App as an IDM Admin
    echo "Logging into target application at ${epmurltarget}"
    ${epmautomatescript} login ${epmusertarget} ${epmpwdtarget} ${epmurltarget} ${epmidentitydomaintarget} ${proxyserverusername} ${proxyserverpassword} ${proxyserverdomain}
    ${epmautomatescript} deletefile ${usersreport} > /dev/null 2>&1
    echo "Uploading file ${usersreport}"
    ${epmautomatescript} uploadfile ${usersreport}
    echo "Adding users"
    ${epmautomatescript} addUsers ${usersreport} userPassword=${userpassword} resetPassword=${resetpassword}
    ${epmautomatescript} deletefile ${usersreport}
    ${epmautomatescript} logout
    rm deletefile*.log > /dev/null 2>&1
    echo "Replicate users script completed"
    
  2. Create the input.properties file by copying this script:
    javahome=JAVA HOME
    epmautomatescript=EPM AUTOMATE SCRIPT LOCATION
    epmusersource=EPM USER FOR SOURCE ENVIRONMENT
    epmpwdsource=EPM PASSWORD FILE FOR SOURCE ENVIRONMENT
    epmurlsource=EPM URL FOR SOURCE ENVIRONMENT
    epmidentitydomainsource=EPM IDENTITY DOMAIN FOR SOURCE ENVIRONMENT
    epmusertarget=EPM USER FOR TARGET ENVIRONMENT
    epmpwdtarget=EPM PASSWORD FILE FOR TARGET ENVIRONMENT
    epmurltarget=EPM URL FOR TARGET ENVIRONMENT
    epmidentitydomaintarget=EPM IDENTITY DOMAIN FOR TARGET ENVIRONMENT
    proxyserverusername=PROXY SERVER USER NAME
    proxyserverpassword=PROXY SERVER PASSWORD FILE
    proxyserverdomain=PROXY SERVER DOMAIN
    userpassword=DEFAULT PASSWORD FOR REPLICATED USERS
    resetpassword=false
    emailtoaddress=EMAIL_TO_ADDRESS
  3. Update input.properties. See Table 3-* for information on the values you must specify. Additionally, you must specify the values for these properties:
    • javahome: the absolute path to the directory where Java is installed.
    • epmautomatescript: Location of epmautomate.sh; for example, epmautomatescript="/home/user1/epmautomate/bin/epmautomate.sh"
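
The Linux/UNIX script loads input.properties with ". ./input.properties", which executes every line of the file as shell code, and the file carries credentials. The following check is an added example, not part of Oracle's scripts: a hypothetical audit_properties function that inspects the file without sourcing it and flags loose file permissions, lines that are not plain key=value assignments, password properties that are not a path to an existing file, and a shared userpassword with resetpassword not set to true. The sample values are constructed.

```shell
#!/bin/sh
# Added example (not Oracle's script): audit input.properties WITHOUT sourcing it.
# Prints one finding per line; returns 0 when clean, 1 when anything was flagged.
audit_properties() {
    local file="$1" rc=0 line key value perms userpassword="" resetpassword=""
    # The file holds credentials, so group and other must have no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "PERMS: group/other bits are $perms"; rc=1; }
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        key=${line%%=*}
        # '. ./input.properties' executes each line, so reject shell syntax.
        if ! printf '%s\n' "$line" |
             grep -Eq '^[A-Za-z_][A-Za-z0-9_]*=[^;&|`$()<>]*$'; then
            echo "SYNTAX: not a plain key=value line: $key"; rc=1; continue
        fi
        value=${line#*=}
        case "$value" in
            \"*\") value=${value#\"}; value=${value%\"} ;;
            # An unquoted space makes the shell run the next word as a command.
            *" "*) echo "UNQUOTED: $key has a space outside double quotes"; rc=1 ;;
        esac
        case "$key" in
            epmpwdsource|epmpwdtarget|proxyserverpassword)
                # Expect a path to a password file, never the password itself.
                [ -f "$value" ] || { echo "PLAINTEXT: $key is not an existing file"; rc=1; } ;;
            userpassword)  userpassword=$value ;;
            resetpassword) resetpassword=$value ;;
        esac
    done < "$file"
    if [ -n "$userpassword" ] && [ "$resetpassword" != "true" ]; then
        echo "RESET: shared userpassword set but resetpassword is not true"; rc=1
    fi
    return $rc
}

# Constructed sample mirroring the template above (values are placeholders).
sample=$(mktemp)
printf '%s\n' 'javahome=JAVA HOME' 'epmpwdsource="Example"' \
    'userpassword="Welcome1"' 'resetpassword=false' > "$sample"
chmod 644 "$sample"
audit_properties "$sample" || echo "fix input.properties before running replicateusers.sh"
rm -f "$sample"
```

Findings name the property only, so secret values never reach the terminal or a log.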