Migrating application users and passwords with
Password Manager
© 2014 Hitachi ID Systems, Inc. All rights reserved.
Contents
1 Introduction
2 Migrating Users
3 Initializing Passwords
4 Maintaining Passwords During the Transition
APPENDICES
A LDIF Example File
B SQL Example File
1 Introduction
This document describes a number of ways in which Hitachi ID Password Manager can be used to ease
system and directory migrations.
Examples of migrations include, but are not limited to:
1. Upgrading a Novell NetWare / eDirectory environment to Windows 2008 / Active Directory.
2. Moving from one mail system (e.g., Lotus Notes) to another (e.g., Microsoft Exchange).
3. Replacing one LDAP directory product with another.
4. Rolling out a new application that impacts a large user population, such as a self-service human
resources (HR) portal.
As will be described below, Password Manager can assist in the initial activation of the new system or
directory and in the transition period where both the old and new systems are active.
2 Migrating Users
As a part of its nightly automation process, Hitachi ID Password Manager extracts a list of users from every
system where it manages passwords.
When migrating users to a new directory, these user lists are a natural place to start to get a list of users
that should be created on the new system.
For example, the following command can be used to extract a list of user IDs and full names from the
Password Manager database:
c:
cd "\Program Files\P-Synch\<instance>\db"
..\util\dumpdb user -trim -delimited > c:\temp\users.txt
This list of users can be manipulated into SQL commands to create database users or an LDIF file to create
LDAP or AD users. Details of the LDIF or SQL files vary, but Section A and Section B include some examples.
Another key advantage of using Password Manager in an application or directory migration project is the
ability to create new login IDs with random initial password values and avoid distributing password values
by e-mail.
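
One way to turn the extracted user list into an LDIF file with random initial passwords, as an added example that is not part of the original paper or the product's own tooling. It assumes one comma-delimited `userid,full name` pair per line (the dumpdb output format is not shown on this page), an assumed login ID pattern, and Active Directory's `unicodePwd` encoding; the sample lines are constructed.

```python
import base64
import re
import secrets
import string

# Container DN taken from the Appendix A example.
BASE_DN = "CN=Corporate,DC=ad-idslite,DC=hitachi-id,DC=com"
# Assumption: login IDs are short and alphanumeric; anything else is rejected.
SAFE_ID = re.compile(r"[A-Za-z0-9._-]{1,20}")
ALPHABET = string.ascii_letters + string.digits + "!#$%*+-=?"
# Constructed sample input; the last two lines are deliberately hostile or malformed.
SAMPLE = ["FRIT0000,Randell Fritz", "HOPK0000,Wilber Hopkins", "MULL0001,Zoë Müller",
          "BAD ID,Nobody", "EVIL0000,Eve\nuserAccountControl: 512"]


def ldif_attr(name, value):
    """Return one LDIF line, base64-encoding any value that is unsafe as plain text."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    # Newlines, control characters and non-ASCII never reach the file verbatim,
    # so a crafted full name cannot smuggle in extra attributes.
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def random_initial_password(length=24):
    """Random value that nobody needs to know; users replace it via self-service."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def ad_unicode_pwd(password):
    """Encode a password for AD's unicodePwd: quoted, UTF-16LE, then base64."""
    return base64.b64encode(f'"{password}"'.encode("utf-16-le")).decode("ascii")


def users_to_ldif(lines, delimiter=","):
    """Convert 'userid<delimiter>full name' lines to LDIF add records.

    Returns (ldif_text, rejected_lines). Passwords are generated per user and
    exist only inside the LDIF; they are never logged or returned separately.
    """
    records, rejected = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        user_id, _, full_name = (p.strip() for p in line.partition(delimiter))
        if not SAFE_ID.fullmatch(user_id) or not full_name:
            rejected.append(raw)
            continue
        records.append("\n".join([
            ldif_attr("dn", f"CN={user_id},{BASE_DN}"),
            "changetype: add",
            "objectClass: top", "objectClass: person",
            "objectClass: organizationalPerson", "objectClass: user",
            ldif_attr("cn", user_id),
            ldif_attr("description", full_name),
            ldif_attr("sAMAccountName", user_id),
            "userAccountControl: 514",  # created disabled, as in Appendix A
            f"unicodePwd:: {ad_unicode_pwd(random_initial_password())}",
        ]))
    return "\n\n".join(records) + "\n", rejected


if __name__ == "__main__":
    ldif_text, skipped = users_to_ldif(SAMPLE)
    print(ldif_text)
    print("rejected:", skipped)
```

Active Directory accepts `unicodePwd` writes only over an encrypted LDAP connection, and the generated file itself holds credentials, so it should be imported and then deleted rather than archived.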
3 Initializing Passwords
A major problem in activating a new system is selecting a suitable initial password for users, and
communicating that initial value to users securely.
Setting the initial password value to a user’s SSN or login ID is insecure. Setting a stronger password is
better, but communicating that initial value to users by e-mail is also insecure.
With Hitachi ID Password Manager, users need not know the initial password value to their new account.
Instead, they can be instructed by e-mail to change all of their passwords, including the new one, with
Password Manager. This way, they change their password from an initial random string (which they do not
know) to a strong value securely, after proper authentication (with another system’s password).
For example, new users of an LDAP directory might receive an e-mail with the text:
Acme, Inc. has activated a new corporate directory. New applications,
and our Intranet, will verify your identity using a user ID and password
on this directory.
To activate your corporate directory account, click on the link below,
enter your Windows network login ID and password, and select a new
password for all of your accounts. You will then be able to use
the new password both for the systems with which you are already
familiar, and for the new corporate directory.
http://password.acme.com/psynch/nph-psf.exe
Users would follow the link, type their existing Windows NT login ID and password, and select a new
password. They will then be able to log into every system, including the new LDAP directory, with the new
password. Thus migrating users can be done efficiently and securely.
4 Maintaining Passwords During the Transition
In the event of a directory migration (for example, upgrading a domain from NetWare NDS to Windows 2008
Active Directory), it may be useful to keep running both systems for a transition period.
In these cases, the password synchronization features of Hitachi ID Password Manager will significantly
reduce the complexity for end users, as they won’t really have to understand which resources use which
directory (and hence which password).
This will directly reduce the support load produced by the transition period.
APPENDICES
A LDIF Example File
dn: CN=FRIT0000,CN=Corporate,DC=ad-idslite,DC=hitachi-id,DC=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: FRIT0000
description: Randell Fritz
distinguishedName: CN=FRIT0000,CN=Corporate,DC=ad-idslite,DC=hitachi-id,DC=com
userPrincipalName: randell.fritz@ad-idslite.hitachi-id.com
mail: randell.fritz@ad-idslite.hitachi-id.com
givenname: Randell
sn: Fritz
displayName: Fritz, Randell
telephoneNumber: (972) 116-3406
homePhone: (972) 116-3406
streetAddress: 822 Seventh Ave.
l: Dallas
st: Texas
c: US
postalCode: 44820
name: FRIT0000
userAccountControl: 514
sAMAccountName: FRIT0000
B SQL Example File
-- Account record for the new HR application
insert into hrapp.person
( employeeNum, loginID, firstName, lastName, streetAddress,
city, state, zipCode, homePhone, emailAddress, startDate,
status )
values
( 'E000001', 'HOPK0000', 'Wilber', 'Hopkins', '123 Second St.', 'San Antonio',
'Texas', '48840', '(830) 941-6880', 'wilber.hopkins@ad-idslite.hitachi-id.com', '1996-09-10',
'ACTIVE' );
-- Personal identifying information, keyed by the same employee number
insert into hrapp.pii
( employeeNum, dateOfBirth, socialSecurityNumber,
driversLicenseNumber, mothersMaidenName )
values
( 'E000001', '1974-01-24', '262-46-5300', '823758-636', 'Harris' );
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: /pub/wp/documents/migration/psynch_in_migrations_5.tex
Date: 2009-09-21
