Supported Solution:IDM does support for the manipulation of user organization location. You will need to delete the user and recreate them under the desired organization within Identity Manager
Unsupported Workaround:NOTE: ALL USER MIGRATION ON THE BACKEND CAN CAUSE USER DATA CORRUPTION AND IT IS SUGGEST THAT YOU BACK UP ALL YOUR DATA PRIOR TO ANY CHANGES. ONLY PERFORM THESE STEPS IF YOU ARE PROFICIENT IN THE APPLICATION. ANY ISSUES CAUSED BY THE BELOW STEPS WILL RESULT IN YOU BEING REQUIRED TO REVERT ALL CHANGES. MAKE SURE YOU TAKE SNAPSHOTS OF ALL SYSTEMS INVOLVED INCLUDING SQL. SUPPORT WILL NOT TROUBLESHOOT ISSUES CAUSED BY THE BELOW STEPS.Caveats: 1) The user being moved cannot have an active pending workflow against them.2) The user being moved cannot have a pending task against them.3) Any rules regarding admin/owner/member policies could affect user integrity... etcYou are not limited to only the above scenarios but there could be others. You should make sure at least the above 3 conditions are focused on before moving the user on the back end.Work Around Steps:You will need to utilize modrn functionality against CA Directory.
Reference:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/directory/14-1/reference/file-structure-and-file-formats/ldif/format-of-information-in-an-ldif-file.html
You will need to get all the dn values you want to move. Then you will need to build an LDIF file such as the below example. Let's say you want to move this user from ou=Support,ou=Customer,o=DEMOCORP,c=AU to ou=Customer,o=DEMOCORP,c=AU. You will need to make an LDIF file with the modrdn request in it. See below.
Use Case:
Old DN: cn=Glenda STEIN,ou=Support,ou=Customer,o=DEMOCORP,c=AU
New DN: cn=Glenda STEIN,ou=Customer,o=DEMOCORP,c=AU
Create an LDIF file with the below lines:
dn: cn=Glenda STEIN,ou=Support,ou=Customer,o=DEMOCORP,c=AU
changetype: modrdn
newrdn: cn=Glenda STEIN
deleteoldrdn: 1
newsuperior: ou=Customer,o=DEMOCORP,c=AU
Once you have this done then you will need to execute a dxmodify:
dxmodify -c -h hostname:19389 -D bindDN -f newou.ldif
Reference:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/directory/14-1/administrating/tools-to-manage-ca-directory/dxtools/dxmodify-tool-add-new-or-changed-information-to-a-directory.htmlNow when you view the user in Identity Manager you will see they are apart of the new Organization.