Export Data from Cisco Secure ACS
After starting the migration tool, complete the following steps to export data from Cisco Secure ACS to the migration tool.
In the Cisco Secure ACS to Cisco ISE Migration Tool window, click Settings to display the list of data objects available for migration.
(Optional) You are not required to configure the dependency handling in order to perform migration. Check the check boxes of the data objects you want to export in case their dependency data is missed and click Save.
In the Cisco Secure ACS to Cisco ISE Migration Tool window, click Migration and then click Export From ACS.
Enter the Cisco Secure ACS host name, user name, and password and click Connect in the ACS5 Credentials window.
If you choose the migration of ACS 4.x supported objects, you must enter the hostname of the ACS 4.x machine in the ACS4 Hostname field and click Connect in the ACS4 Host Information window.
You can monitor the migration process in the Cisco Secure ACS to Cisco ISE Migration Tool window, which displays the current count of successful object exports and lists any objects that triggered warnings or errors.
To get more information about a warning or an error that occurred during the export process, click any underlined numbers in the Warnings or Errors column in the Migration tab. The Object Errors and Warnings Details window displays the result of a warning or an error during export. It provides the object group, the type, and the date and time of a warning or an error.
Scroll to display the details of the selected object error, and then click Close.
When the data export process is completed, the Cisco Secure ACS to Cisco ISE Migration Tool window displays the status of export that Exporting finished.
Click Export Report(s) to view the contents of the export report.
To analyze the policy gap between Cisco Secure ACS and Cisco ISE, click Policy Gap Analysis Report.
The migration tool maintains a cache for the exported objects and retrieves them for subsequent exports.
Password Compliance during Export
The migration tool adheres to password compliance during the export process.
Following is the list of error messages that might occur during the export process if the password of the user does not meet the password complexity requirements:
user: Failed to Export because its password does not match with the password Complexity
Password length should be minimum of '5' characters.
Password should not contain 'cisco' or its characters in reverse.
Password should not contain 'hello' or its characters in reverse.
Password should not contain repeated characters four or more times consecutively.
Password should contain at least one Lower case character.
Password should contain at least one Upper case character.
Password should contain at least one Numeric Character.
Password should contain at least one non alphanumeric characters.
If you enable password hash for internal user in Cisco Secure ACS and try to export the internal user, the migration tool displays the following error message:
user: Failed to Export because its configured with Password Hash which is not supported by ISE, disable this configuration in ACS and export again.