02-27-2009 11:31 AM - edited 03-10-2019 04:21 PM
Hi, We have 2 ACS servers each handling different sets of several hundred devices. I need to merge the 2 databases (users, groups and devices) into a third ACS 4.2 server.
My thoughts are to do a backup of one and do a restore on the new server. Now, I need to find a way to import the users, groups and devices from the second ACS server into the new consolidated ACS. I've been searching, and I have not found a way to import the users, groups and devices without removing the devices that were added from the first ACS sever. Does anyone have any recommendations?
Solved! Go to Solution.
03-02-2009 11:22 AM
Try this. On each ACS server run CSSupport (or the support page in ACS Admin) to generate a package cab.
If you open the cab there will be two CSV files - one for NDGs and one for devices.
Using excel you can merge these two CSVs. To get the data back into ACS you'll need to create an account actions CSV file and process it with RDBMS Sync.
Action code 250 adds an NDG
Action code 220 adds a device
Action code 252 assigns device to NDG
It might sound like a chore, but its largely a cut and paste exercise.
If you routinely use RDBMS sync to add your devices it means you'll always have an up-to-date actions file that you can throw at another server should you need to.
Full info on RDBMS Sync at http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_RDBMS.html
The simpler way is to download the SQL Anywhere developer tools and ask Cisco about loading up the ndg and device tables directly from CSV files. It can be done but I doubt they'll give you the database sa password.
02-27-2009 06:28 PM
hey there, sadly there is not straight forward way to do this and instead you might have to go over several processes and even like that it is not a guarantee that all the information will persist intact. With this I mean that some of the information you will have to manually put it yourself.
I am thinking first that you would need to tell us whether you have ACS Solution Engine or ACS for Windows. Reason for this is due to the fact that what I will suggest is using the CSUtil tool that the ACS for windows has.
Now assuming you do have ACS for windows, you can use CSUtil to dump all of your users and groups into a file which has the users categorized under the groups, you can use this file to merge it with the other one and then use it to import it (after having edited it) to the 3rd one, then you will have your users and groups. I don't think, however, that this applies for your network devices though. Check the link for CSUtil and see if this helps to achieve your goal or gets you closer to your goal.
02-27-2009 06:42 PM
Hi, Thanks for the message. We have a small number of network admins and groups, so I'm not as concerned about the users and groups, although I would have to make sure I configure all of the restrictions.
The most time consuming task will be to manually enter all of the AAA devices and I didn't see a way to export/import devices in the documentation.
03-02-2009 11:22 AM
Try this. On each ACS server run CSSupport (or the support page in ACS Admin) to generate a package cab.
If you open the cab there will be two CSV files - one for NDGs and one for devices.
Using excel you can merge these two CSVs. To get the data back into ACS you'll need to create an account actions CSV file and process it with RDBMS Sync.
Action code 250 adds an NDG
Action code 220 adds a device
Action code 252 assigns device to NDG
It might sound like a chore, but its largely a cut and paste exercise.
If you routinely use RDBMS sync to add your devices it means you'll always have an up-to-date actions file that you can throw at another server should you need to.
Full info on RDBMS Sync at http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_RDBMS.html
The simpler way is to download the SQL Anywhere developer tools and ask Cisco about loading up the ndg and device tables directly from CSV files. It can be done but I doubt they'll give you the database sa password.
03-03-2009 09:08 AM
Thanks darpotter!
04-07-2010 05:55 AM
Can anyone confirm, that this also works for 4.2.1?
I have the Package.Cab, but it looks like the only .csv files are the logs.
I see the users/gropups in "UserTable.txt" but I can't seem to find anything with NDGs or Clients in it?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide