7.2. Migrate from Synchronization to Trust Manually Using ID Views
You can use ID views to manually change the POSIX attributes that AD previously generated for AD users.
- Create a backup of the original synchronized user or group entries.
- Create a trust with the synchronized domain. For information about creating trusts, see Chapter 5, Creating Cross-forest Trusts with Active Directory and Identity Management.
- For every synchronized user or group, preserve the UID and GIDs generated by IdM by doing one of the following:
- Individually create an ID view applied to the specific host and add user ID overrides to the view.
- Create user ID overrides in the Default Trust View.
NoteOnly IdM users can manage ID views. AD users cannot.
- Delete the original synchronized user or group entries.
For general information on using ID views in Active Directory environments, see Chapter 8, Using ID Views in Active Directory Environments.