Information on migrating provisioning account templates from one environment to another
search cancel

Information on migrating provisioning account templates from one environment to another


Article ID: 45042


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite



Account templates are not part of the IM object store, so they are not exported in the roles.xml.


Can account templates be exported and import to another environment?


12.5, 12.6 and 14.x


The provisioning templates exist at the provisioning layer.

There is no easy way or tool to migrate the Account Templates.

There is an approach that others have tried which you can try as well as listed below.


Component: IDMGR


Please note that this is provided as-is and you should first test it out.


In existing (ie. Development) environment:

  • Dump the account template from the Provisioning Server (port 20389) via Jxplorer
  • Remove the eTID values for each Account Template in the ldif file
  • Adjust the attributes (i.e. endpoint name) as needed

In the new IM environment:

  • Import the role definitions on IM console, this will recreate all the provisioning roles
  • Import the ldif to new IMPS (port 20389) via Jxplorer (the endpoints
  • The endpoint should have already have been acquired/explored

Note: The Account Templates will not be associated to the Provisioning Role.  Manually associate the Provisioning Role and the Account Templates


The Role <-> Template and the Template <-> Endpoint mapping are handled via special inclusion objects which is why you don't see it as part of the Template LDIF file you exported. You will need to manually re-link the Role to the Template and the Template to the Endpoint. You could use the etautil tool to help you with this.


etautil -u USER -p PWD -f INPUT.txt

where input.txt contains etautil commands (one per line) such as:


 add 'eTNamespaceName=ActiveDirectory' eTADSDirectory

eTADSDirectoryName='My_Endpoint' in 'eTADSPolicyContainerName=

Active Directory Policies,eTNamespaceName=CommonObjects'

eTADSPolicy eTADSPolicyName='My_Template';

add 'eTRoleContainerName=Roles,eTNamespaceName=CommonObjects' eTRole

eTRoleName='My_Role' in 'eTADSPolicyContainerName=Active Directory

Policies,eTNamespaceName=CommonObjects' eTADSPolicy