Applies to: Centrify DirectControl 5.1 and newer versions
Question?
Is there a way to convert Centrify's classic zones (version 4.x) to Hierarchical zones (version 5.x)?
Answer:
admigrate is an adedit script or CLI for helping environments migrate from classic zones to Hierarchical zones.
Usage:
/usr/share/centrifydc/adedit/admigrate
Missing input zone
usage:
-in <dn of source classic zone>
-z <dn of target zone>
-config <config file>
[-hz <dn of parent zone>]
[-f] [-v] [-n]
[-users] [-groups] [-nismaps] [-privileges]
where
-in <> : Source zone dn to be converted. This should be a classic zone.
-z <> : Target zone dn.
[-hz <>]: The parent zone of target zone.
[-v] : Verbose mode. Very useful in troubleshooting
[-n] : No checking.
[-f] : Force creation. Delete existing target zone.
[-users] : Migrate zone users
[-groups] : Migrate zone groups
[-nismaps] : Migrate nismap
[-privileges]: Migrate roles/commands/pam apps
[-config <>] : A Tcl file to bind to domains that will be used
Note: By default, it will migrate all.
Example of using admigrate:
The following command migrates the classic zone “finance” to a new hierarchical zone of the same name and sets this new zone as a child zone of the parent zone “global”.
It uses the bind credentials in the ~/admigrate.txt file, and outputs verbose information to the migrate_finance.txt file.
/usr/share/centrifydc/adedit/admigrate \\
-in "cn=finance,cn=zones,ou=unix,dc=acme,dc=com" \\
-z "cn=finance,cn=global,cn=zones,ou=unix,dc=acme,dc=com" \\
-hz "cn=global,cn=zones,ou=unix,dc=acme,dc=com" \\
-config ~/admigrate.txt \\
-f -v >migrate_finance.txt
For further details, please refer to page 47-57 of the Centrify Admin Guide for UNIX:
https://docs.centrify.com/en/css/suite2016/centrify-unix-adminguide.pdf
