BigFix Migration - New Domain

I’m looking into migrating our existing BigFix environment to a new network in a new domain. All of our BigFix users were created in Active Directory and I’m not sure what the migration path is for the user accounts. I’m concerned with what happens to all our open actions and all the patch policies we have configured under our existing accounts. I’ve read through the documentation and didn’t see anything specific around this scenario. Has anyone done something similar?

“It Depends” ™

Just so we have an idea of scale, how many operators are we talking about? And are your accounts auto-provisioned by being in an LDAP role, or do you specifically create each LDAP operator account in the BES Console?

If you just added a second LDAP directory, you could either create a second LDAP operator account for each of your users and leave the old operator accounts in place. You’d need to duplicate any Role memberships, user permissions, or computer assignments.

You can also right-click each Console Operator account and “Convert to LDAP operator” (even for accounts that are already LDAP operators) to migrate each account one-at-a-time. With this process, the operator ID, opsites, open actions, etc. stay the same while the username changes. That’s useful because you can try it out with a few test accounts to get comfortable with the process.

Web Reports is a bit trickier. I don’t think there is a process to migrate accounts using the graphical interface, so the user accounts in the new domain would not be linked to the original accounts (the old and new accounts may have separate saved reports, for instance). I have performed account migrations by manipulating the BESReporting SQL database directly, but it would very much be a “take good backups, use at your own risk, and test accordingly” kind of process (and the queries/updates that are needed can vary a bit based on how your Web Reports is set up, how old the WR accounts are, etc.). I’d suggest opening a Support incident or working with your TA.

2 Likes

I tested “Convert to LDAP operator” in my test environment… worked great. I’ll reach out to our TA to figure out how to handle the report server. Thanks, Jason.

1 Like