7.2. Migrate from Synchronization to Trust Manually Using ID Views

You can use ID views to manually change the POSIX attributes that AD previously generated for AD users.
  1. Create a backup of the original synchronized user or group entries.
  2. Create a trust with the synchronized domain. For information about creating trusts, see Chapter 5, Creating Cross-forest Trusts with Active Directory and Identity Management.
  3. For every synchronized user or group, preserve the UID and GIDs generated by IdM by doing one of the following:
    • Individually create an ID view applied to the specific host and add user ID overrides to the view.
    • Create user ID overrides in the Default Trust View.

    Note

    Only IdM users can manage ID views. AD users cannot.
  4. Delete the original synchronized user or group entries.
For general information on using ID views in Active Directory environments, see Chapter 8, Using ID Views in Active Directory Environments.