Cisco Support Community
Community Member

Updating an ACS 4.2 to 5.5 migration


I'm migrating an ACS system from 4.2 to 5.5.  This is pretty complex as I'm sure you know, but in our case, there's an added complication.

The initial migration went smoothly and we have built the 5.5 system to operate in the same way as the old 4.2 but that required major changes (obviously) with lots of new user fields and different device group mappings etc.

We were unable to cut over to the 5.5 system immediately due to the complexity and so we have a new 5.5 system that is out of date with the older 4.2 now.


I've developed a process to update the 5.5 with current data from the 4.2 using a temp 4.2 and a temp standalone 5.5 which goes:

Restore a current backup of the live 4.2 to the temp 4.2

Migrate from the temp 4.2 to the temp 5.5

Export data from the temp 5.5

Munge the data using locally grown scripts to the new 5.5 layout

Import the resulting munged data to the live 5.5 primary


This worked fine for the devices (some 900 odd) but I can't get it to work for the users (nearly 3,000) because the exported data from the temp 5.5 system does seem to contain the users' local passwords.  Device exports do contain the shared secrets though.

Does anyone know a way to migrate users (including passwords) from one 5.5 to another?

It would be easy if we could make the temp 5.5 a primary and suck the data onto the live 5.5 but the configs are radically different so we can't do it that way.

We could re-migrate from 4.2 to the live 5.5 but then we'll need to make a lot of manual changes (users into groups, devices into groups etc) to get it working before we can cut over.



