Because Microsoft has announced the end of support for Basic Authentication access to Exchange Online APIs for Office365, the Office365 driver will be deprecated. Because there will be no further updates to the Office365 driver, you must now use the Azure AD driver to connect to the Office365/Azure account. A migration tool is available for customers to migrate from the existing O365 driver to the Azure AD driver. The tool automates the migration of resources from the Office365 driver to the Azure AD driver and retains the historical data, such as Resource assignments and their history.
This document comprises the following sections:
The migration tool helps a user to:
The migration tool does not migrate the following:
Important: Migrating License Resources and Custom License Resources triggers a sync and generates traffic.
For example, if a configured Custom License restricts a user from assigning the service plan EXCEL_PREMIUM and assigns all other plans, then you must first create a Role and then map all the License resources except for the resource for EXCEL_PREMIUM service plan. You can then assign this Role to all the desired users.
You must migrate the custom policies from the Office365 driver to the Azure AD driver manually. To migrate, first export the custom policies from the Office365 driver and then import them to the Azure AD driver.
Enter the following commands as required to check the Python versions installed on your machine:
Ensure that entries for the modules request, ldap3 and urllib3 are present. If the entries are not listed, install the required module with the command: pip install [module name] or pip3 install [module name].
You must perform the following steps to migrate from the Office365 driver to the Azure AD driver:
NOTE: It is recommended to run the migration tool on a different server to avoid high CPU and memory utilization on the Identity Manager server.
NOTE: Disabling this driver ensures that none of the events are stored in the driver cache.
or
For example, NCPCLIENT_REQ_TIMEOUT=9000
NOTE: This setting is valid until the session is closed. By default, the NCP connection has a timeout of 115 seconds. If the total time of the query plus returning results exceeds that value, dxcmd exits with error 143. Setting NCPCLIENT_REQ_TIMEOUT to a larger value (for example, 1200 seconds) increases the amount of time that the operation is allowed to execute. Because the value is in seconds, a setting of 1200 seconds allows the operation to execute for up to 20 minutes.
python36 Driv-AzureAD-Office365MigrationTool.py -host <IP address or hostname of the Identity Vault server> -user <Identity Vault Administrator name> -password <Identity Vault Administrator password> -ncp 524 -ssl <specify whether you want to connect through SSL> -ldaps 636 -uauser <Identity Applications Administrator Name> -uapass <Identity Applications Administrator Password> -container <User Search Container DN> -log <log level> -url <Identity Applications URL> -o365 <Office365 Driver DN> -azure <Azure AD Driver DN>
For example:
python36 Driv-AzureAD-Office365MigrationTool.py -host 192.168.0.25 -user cn=admin,ou=sa,o=system -password novell -ncp 524 -ssl Yes -ldaps 636 -uauser uaadmin -uapass novell -container o=data -log DEBUG -url https://identityapplications.example.com/IDMProv -o365 "cn=MSOffice365,cn=driverset1,o=system" -azure "cn=AzureDriver,cn=driverset1,o=system"
NOTE: For help on using the migration script, run the python36 Driv-AzureAD-Office365MigrationTool.py -h command.
Alternatively, you can run the python36 Driv-AzureAD-Office365MigrationTool.py script and then specify the following details when prompted:
Input Prompt | Sample Values |
---|---|
Enter IP Address of the IDM Server (IDVault) | <IP address or hostname of the Identity Vault server> For example, 192.168.0.25 |
Enter the IDM Server admin | <Identity Vault Administrator name> For example, cn=admin,ou=sa,o=system |
Enter Password for the IDM Server admin | <Identity Vault Administrator password> For example, novell |
Enter the IDM Server NCP port | Enter the NCP port to run dxcmd commands. The default port is 524. NOTE: The default port is used, if a custom port is not specified. The port must be specified manually. |
Enter the base container of the users | Enter the container where the user objects exist. For example, o=data |
SSL enabled? Yes or No | Enter Yes if "Require TLS for Simple Bind" is set to Yes. |
Enter the IDM Server LDAP port | Enter the LDAP port. You must specify these values manually. The default values are appended, if no values are specified. The default values are: |
Enter Office365 driver DN | <Office365 Driver DN> For example, cn=MSOffice365,cn=driverset1,o=system |
Enter Azure driver DN | <Azure AD Driver DN> For example, cn=AzureDriver,cn=driverset1,o=system |
Enter name of userapp admin | <Identity Applications Administrator Name> For example, uaadmin |
Enter Password for userapp admin | <Identity Applications Administrator Password> For example, novell |
Enter IDM UserApps URL | <Identity Applications URL> For example, https://identityapplications.example.com/IDMProv |
The migration tool executes once all the values are provided. For more information on the execution steps, see Steps Executed as part of Migration.
NOTE: You must ensure that the migration tool executes with no errors. The migration will be unsuccessful if errors persist.
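A pre-flight check for the parameters listed above, as an added example that is not part of the migration tool or of the original document: it validates the values before they are passed to Driv-AzureAD-Office365MigrationTool.py and builds the shell-quoted command, optionally masking both passwords so the command can be pasted into a change record. The function names, the https and same-driver checks, and the use of this page's example values as sample input are assumptions of this example.

```python
import re
import shlex
from urllib.parse import urlsplit

# Flags in the order of the page's command synopsis.
FLAGS = ["host", "user", "password", "ncp", "ssl", "ldaps", "uauser",
         "uapass", "container", "log", "url", "o365", "azure"]
DN_FLAGS = ("user", "container", "o365", "azure")
SECRET_FLAGS = ("password", "uapass")
# One attr=value component; "\," is an escaped comma. Multi-valued RDNs are not handled.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^=,\\])+$")
# Constructed sample: the example values shown on this page.
SAMPLE = dict(zip(FLAGS, [
    "192.168.0.25", "cn=admin,ou=sa,o=system", "novell", "524", "Yes", "636",
    "uaadmin", "novell", "o=data", "DEBUG",
    "https://identityapplications.example.com/IDMProv",
    "cn=MSOffice365,cn=driverset1,o=system", "cn=AzureDriver,cn=driverset1,o=system"]))


def is_dn(value):
    """True if every comma-separated component looks like attr=value."""
    return all(RDN.match(p.strip()) for p in re.split(r"(?<!\\),", value))


def check_args(args):
    """Return a list of problems found in the arguments (empty list = OK)."""
    problems = ["missing -" + f for f in FLAGS if not args.get(f)]
    if problems:
        return problems
    problems += ["-%s is not a DN: %s" % (f, args[f]) for f in DN_FLAGS if not is_dn(args[f])]
    for f in ("ncp", "ldaps"):
        if not (args[f].isdigit() and 0 < int(args[f]) < 65536):
            problems.append("-%s is not a valid port: %s" % (f, args[f]))
    if args["ssl"] not in ("Yes", "No"):
        problems.append("-ssl must be Yes or No")
    # Added hygiene checks (assumptions, not rules stated by the tool):
    if urlsplit(args["url"]).scheme != "https":
        problems.append("-url is not https")
    if args["o365"].lower() == args["azure"].lower():
        problems.append("-o365 and -azure name the same driver")
    return problems


def build_command(args, redact=False):
    """Return the shell-quoted command line; redact=True masks both passwords."""
    argv = ["python36", "Driv-AzureAD-Office365MigrationTool.py"]
    for f in FLAGS:
        argv += ["-" + f, "********" if redact and f in SECRET_FLAGS else args[f]]
    return " ".join(shlex.quote(a) for a in argv)
```

Values given with -password and -uapass end up in shell history and the process listing; entering them at the tool's prompts keeps them off the command line.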
NOTE: The updates for the above-mentioned attributes are executed through LDAP commands.