ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to migrate Endpoint Account Templates from one environment to another


Article ID: 221982


Updated On:


CA Identity Suite CA Identity Manager


Account templates are not part of the IM object store, so they are not exported in the roles.xml.


Instead, they exist at the provisioning layer.

There is no documentation

or tool to migrate the Account Templates.


Release : ALL


An approach that others have

tried which you can try as well is listed below. Please note that this is

provided as-is and you should first test it out.


In existing (ie. Development) environment:

a. dump the account template from the Provisioning Server (port 20389) via


b. remove the eTID values for each Account Template in the ldif file

c. adjust the attributes (i.e. endpoint name) as needed


In New IM environment:

d. import the role definitions on IM console, this will recreate all the

provisioning roles

e. import the ldif to new IMPS (port 20389) via Jxplorer (the endpoints

should already have been acquired/explored

Note: The Account Templates will not be associated to the Provisioning Roles

f. Manually associate the Provisioning Role and the Account Templates


The Role <-> Template and the

Template <-> Endpoint mapping are handled via special inclusion objects which is

why you don't see it as part of the Template LDIF file you exported. You

will need to manually re-link the Role to the Template and the Template to

the Endpoint. You could use the etautil tool to help you with this.



etautil -u USER -p PWD -f INPUT.txt



where input.txt contains etautil commands (one per line) such as:



add 'eTNamespaceName=ActiveDirectory' eTADSDirectory

eTADSDirectoryName='My_Endpoint' in 'eTADSPolicyContainerName=

Active Directory Policies,eTNamespaceName=CommonObjects'

eTADSPolicy eTADSPolicyName='My_Template';



add 'eTRoleContainerName=Roles,eTNamespaceName=CommonObjects' eTRole

eTRoleName='My_Role' in 'eTADSPolicyContainerName=Active Directory

Policies,eTNamespaceName=CommonObjects' eTADSPolicy