Symantec IGA

  • Private Community

  • 1.  How can I to extract user from IDM

    Posted Aug 11, 2015 11:07 AM

    I need to extract users active and inactive from Identity Manager to csv?



  • 2.  Re: How can I to extract user from IDM

    Posted Aug 12, 2015 08:56 AM

    Asanjolison, You should be able to use a ldap browser such as JXPlorer to accomplish this.



  • 3.  Re: How can I to extract user from IDM

    Posted Aug 12, 2015 08:58 AM

    Hi Asan.

     

    You have opened a support ticket for this. I'll answer you on that ticket, then I'll post the solution here to help others in the future.

     

    Regards,

    Pioker



  • 4.  Re: How can I to extract user from IDM
    Best Answer

    Posted Aug 12, 2015 02:29 PM

    Hi Asan.

     

    As stated on the support ticket:

     

    You can export the users from CA IDM User Store filtering the status on %ENABLED_STATE% as follows:

     

    0 = Active

    1 = Inactivated by Admin

    2 = Active, but blocked due to failed login attempts

    4 = Blocked due to inactivity

    8 = Active, password expired

    9 = Inactivated by Admin, password expired

    16777216 = Active, need to reset password upon the first login

    16777217 = Inactive, need to reset password upon the first login if reactivated

     

    In your environment, the ENABLED_STATE well-know attribute is mapped to carLicense attribute in CA Directory. So you can export an LDIF with all the users and filter them using the values listed above.

     

    Regards,

    Pioker



  • 5.  RE: Re: How can I to extract user from IDM

    Posted Jul 12, 2019 04:25 PM
    Hello,

    Is this still the recommended method of export? Is there a way to export to an appropriate csv so that I can import across multiple instances of Identity Manager? An LDIF file can't import for a bulk upload, unless I'm mistaken.
    Original Message


  • 6.  RE: Re: How can I to extract user from IDM

    Broadcom Employee
    Posted Jul 12, 2019 05:44 PM
    You can use ldif2csv (sourceforge) to convert to CSV If that's what you want. 

    Importing bulk users through the bulk loader would require CSV format and will trigger any Identity and PX policies you may have, but the process is slow.

    Importing users into the corporate directory using LDIF as a backend channel is faster by orders of magnitude but it does not trigger any policies (create user event or task based) since you are bypassing the Identity Managemt engine.
    Original Message