Symantec Access Management


Policy Store on Microsoft Active Directory

  • 1.  Policy Store on Microsoft Active Directory

    Posted 07-24-2017 08:21 PM

    I am migrating my CA SSO 12.7's Policy Store from CA Directory Server 12.6 to Microsoft AD 2012 R2. Please share any link or document which can help me do the migration. Thank you in advance!



  • 2.  Re: Policy Store on Microsoft Active Directory

    Posted 07-24-2017 08:35 PM

    Hi Vipul,

     

    It's pretty straightforward.

    Here are the steps required:

    • Log in to the Policy Server host system.
    • Stop the Policy Server.
    • From the “Data” tab of the SmConsole, ensure that the Policy Server is connected to the source (CA Directory) for both the Policy Store and the Key Store.
    • Export a full backup of the policy store contents using XPSExport:
      xpsexport <filename> -xb -npass
      or (for encrypted output):
      xpsexport <filename> -xb -pass <password>
    • Export the keys using smkeyexport (clear-text option is preferred):
      smkeyexport -o <filename> -d<sm admin name> -w<smadmin password> -c
    • Configure the target store (Active Directory) as the Policy Store/Key Store:
      https://docops.ca.com/ca-single-sign-on/12-7/en/installing/install-a-policy-server/configure-ldap-directory-servers-as-policy-session-and-key-stores/configure-an-ldap-directory-server-as-a-policy-store/configure-active-directory-as-a-policy-store/
    • Import the policy store contents using XPSImport, using the export taken in Step 4:
      xpsimport <filename> -fo -pass <password>
      or (if no password was used to create the export file):
      xpsimport <filename> -fo -npass
    • Use the "Data" tab of SmConsole to re-enter the Policy Store/Key Store connection details previously configured, apply the change, and then use the "Test Connection" button to verify. This is needed because the full policy store export/import overwrites these details as well.
    • Import the agent keys using smkeyimport (clear-text option), using the export taken in Step 5:
      smkeyimport -i<filename> -d<sm admin name> -w<sm admin password> -c
    • Restart the Policy Server.

    Let me know if you have any questions.

         

        Regards,

        Ujwol Shrestha
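
Added example, not part of the original reply or of CA's documentation: the clear-text key export (`-c`) and an `-npass` policy store export leave unencrypted key and policy data on disk between the export and import steps. This sketch keeps those files in an owner-only staging directory, checks their permissions before import, and removes them afterwards. The function names and staging path are assumptions; only the commands shown in the comments come from the steps above.

```shell
#!/bin/sh
# Helper functions for handling the migration export files (names are hypothetical).

# Create a staging directory only the current user can enter (mode 0700).
new_staging_dir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/psmigrate.XXXXXX" )
}

# Run one command with a restrictive umask so files it creates are owner-only.
# e.g. run_private xpsexport "$dir/<filename>" -xb -pass <password>
#      run_private smkeyexport -o "$dir/<filename>" -d<sm admin name> -w<password> -c
run_private() {
    ( umask 077 && "$@" )
}

# Succeed only if the path exists and has no group/other permission bits.
is_owner_only() {
    [ -e "$1" ] || return 2
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Check every export file before import; report the ones others can read.
check_exports() {
    rc=0
    for f in "$@"; do
        if ! is_owner_only "$f"; then
            echo "UNSAFE permissions or missing file: $f" >&2
            rc=1
        fi
    done
    return $rc
}

# After the import and "Test Connection" succeed, remove the export files.
# shred is used when present; it is best effort on journaling or
# copy-on-write filesystems.
purge_staging() {
    dir=$1
    [ -d "$dir" ] || return 0
    if command -v shred >/dev/null 2>&1; then
        find "$dir" -type f -exec shred -u {} \;
    fi
    rm -rf "$dir"
}
```

Passing the admin password with `-w` also exposes it in the process list and shell history for the duration of the command, so run the export and import from a session that other users cannot inspect.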