Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Upgrading to BOXI Rel 2 - question about mapping users 1

Status
Not open for further replies.
bessebo

bessebo

IS-IT--Management
Jan 19, 2001
766
US
We currently have a local Crystal NT Users Group and are using Windows NT authentication with Crystal Enterprise 9. We are upgrading to BOXI Release 2 and we want to use Windows AD authentication. Our network person has created an AD group called BusinessObjectsGroup. I have had him add each user that is currently in the Crystal NT Users Group into this new AD group. He has also set up a domain user for Business Objects Enterprise to use when authenticating AD users and groups.
I want to make sure I do everything properly prior to performing the Import Wizard. I want to make sure all existing users get mapped over properly when I import them. At this point do I just have to fill out the proper information in the Windows AD Authentication screen in the CMC? Is there anyone out there who has already done this and is there anything I should be aware of?

Regards,
Bessebo
 
Sort by date Sort by votes
We did this about a year ago.

How many users/groups are you migrating...?

How many folders/objects do you currently secure...?

We took the migration to XI as an opportunity to revist our entire groups and folders structure - and only migrated one business unit (eg. HR, Finance) at a time.
 
Upvote 0 Downvote
We have about 80 users, 10 groups, 16 folders. I just need to know how to set up BOXI properly so that when I import the users that they will be recognized properly and all of the existing security of Crystal Enterprise 9 will stay intact. We don't want to change anything at this time. I just want the exact same security environment. Did you import users and, if so, can you give me details as to what you had to do within the CMC Windows AD authentication screen?

Thanks in Advance,
Bessebo
 
Upvote 0 Downvote
You don't do it in CMC - there is a separate tool called the IMPORT WIZARD.

You need to import everything at the same time, Users/Groups and Folders/Objects.

There is an option for retaining the security.

Read the instructions for the IMPORT WIZARD.
 
Upvote 0 Downvote
I understand that I will be using the Import Wizard to import all reports, users, etc but you I'm pretty sure that you must also set the proper information in the CMC under the Windows AD Authentication screen. Maybe that is only for adding new users...
 
Upvote 0 Downvote
We use AD to authenticate our CE10 users. We have set security on our folders, and each user is part of one or more security groups. Our authentication (either Enterprise, AD or both) is a separate issue.

But to implement AD authentication, we had to add an AD alias to each existing user (by pulling up each user in the CMC, adding the alias, then clicking update). CE then checked AD to verify the credentials and added the alias. AD must be enabled through the CMC before you can add an alias for a user(Authentication > Windows AD tab). From then on we set up new users by adding the AD alias.

As mentioned in a prevous post, import all at the same time to retain users & security groups, or follow the instructions for the Import Wizard if you want to break it down when importing.

Hope that helps.
 
Upvote 0 Downvote
Here is some more handy hints when migrating....

1. Make sure Win AD authentication is turned on and working in BOEXIR2 BEFORE migration - otehrwise it will not import your users and groups.

2. Make sure you bring all objects /users /folders /groups /repository objects together if you want your existing security settings to come over nicely

3. Make sure all services on the BOEXIR2 install are running and enabled BEFORE migrating (needs input and output server enaled to bring over the reports, etc.

4. Give yourself plenty of time to complete this - if you have a big system it could take 60 minutes for the import wizard to take stock of items to migrate. It takes around 8 hours for the Import Wizard to complete our CE10-BOEXIR2 migration - so one mistake - and it's another 8 hours!

5. Do not import discussions and threads if it is not absolutely necessary - as BOEXIR2 handles discussions differently and may cause you some unexplainable errors in functionality of BOEXIR2 if you do..... (we did and I am still trying to overcome them)

I hope this helps!

Cheers
paulmarr



 
Upvote 0 Downvote
Paul,
You first point:

1. Make sure Win AD authentication is turned on and working in BOEXIR2 BEFORE migration - otehrwise it will not import your users and groups.

appears to be key. I turned on the Authentication and added the new AD Group to the Windows AD authentication tab after I imported the users. I also did not perform the full import all at the same time. I thought I could

1)Import all of my users, folders, groups, and objects.
2)Create a Windows AD group called BusinessObjectsUsers.
3)Fill out the Windows AD tab in the Manage Authentication section of the CMC by Adding the BusinessObjectsUsers group to the Mapped AD Member Groups section.
4)Ensure that Assign each added AD alias to an account with the same is chosen.
5)Click Update.

I thought this would convert all of my Enterprise Users that I had imported, to WindowsAD users but it did not.
Also, the users are associated with the proper groups within Business Objects Enterprise but my objects don't have the proper security assigned to them. So my security is also screwed up.

If I have to start over do I just go in and delete all of my users, groups, folders, and objects and ensure that the Windows AD tab is filled out correctly before the import.
Then run the Import Wizard again and make sure everything is checked at the same time?

Any help would be appreciated.

Regards,
Bessebo


3) Then I thought it would automatically convert
 
Upvote 0 Downvote
I also completed several attempts before I got it right and think you will probably have to as well.

I just remove the cms database and replace with a new shell database - empty the Input and Output File Store folders and then start all the services again which returns the software to the "out of the box" state.

It is imperative that you apply SP1 and MHF Sept 2006 before migration as this corrects several bugs in the Import Wizard - and I could not have completed the migration without the MHF Sept 2006.

It would pay to first import one Win AD group and one user from that group to test that Win AD is working before attempting the migration. Once you are satified - remove this group and user before beginning the migration...(we had to modify several web.config files before SSO would work. This took lots of trial and error as the doco isn't good)

You also should make the decision whether you have a business requirement to import any successful completed instances before deciding to migrate them all - this takes considerably longer to import if you request all of them.

My migration attempt also changed the password of the Administrators account to the CE10 password (as it would) which confused me for a few minutes as well.

That's all I can think of at the moment - good luck - and don't get frustrated - you will get it eventually! :)
 
Upvote 0 Downvote
Paul,
What I was planning on doing was using the groups within Enterprise as controlling what people see and can schedule. I only want to use Windows AD so we can have a single sign-on. So, we simply created a Windows AD group called BusinessObjectsUsers and we made sure that all of the users that were in the local Crystal NT Users group into that group. Then when we have a new user our network guy will add the user to that group, I will do an update in teh CMC to move that user over and then add them to the proper groups within Business Objects Enterprise.
I did apply the SP1 and MHF Sept 2006. In fact, it would not let me apply SP 2 before SP1 was installed.
This is becoming very frustrating. Are you saying that I should be deleting everything manually in the Input and Output folders before performing another Import Wizard? So deleting the users, folders, objects, and groups in the CMC will not suffice?


Regards,
Bessebo
 
Upvote 0 Downvote
Paul,
Do you use Kerberos authentication? I am working this issue with my network guy. There are a number of steps that have to be taken. I also want to enable single sign-on so that users don't have to enter a username and a password.

Regards,
Bessebo
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lavadan
  • Locked
  • Question
Export to excel with drop down data
Replies
2
Views
129
hilfy
hilfy
hpl2001
  • Locked
  • Question
BI4/Crystal 2016 upgrade issue with scheduled reports
Replies
1
Views
120
hilfy
hilfy
smmaruf82
  • Locked
  • Question
How to Fixed 4 Column in Crystal Report Crosstab
Replies
1
Views
131
lbass
lbass
zigstick
  • Locked
  • Question
BOXI Enterprise / Link to a file in a folder 1
Replies
2
Views
125
zigstick
zigstick
n2nuk
  • Locked
  • Question
Migrating reports from CR server 2013 to CR Server 2016
Replies
6
Views
213
n2nuk
n2nuk

Part and Inventory Search

Sponsor

Back
Top