Solved: Bulk modification of Identity information Cisco ISE

GabsC2 · ‎04-26-2023

Good day,

I'm trying to do a bulk modification of users data in a Cisco ISE. We're migrating from an ACS to and ISE and I've migrated all the TACACS users from one to another. All the users are disabled because of the password policies and have the passwords outdated because the backup is from a couple of months back so I need to activate all the users, change the passwords of all the users to a generic password and activate the option to ask to change the password in the next login. The issue is that we have more than 500 users and do this manually is very time consuming. I've exported the user identity data from the Identities, opened in excel, changed text to columns, change all the data I needed and when I try to import the information it doesn't accept it. I need your help to see if there's a way I can change the data in excel and import it to the ISE once I change text to columns because I see that the ISE is waiting for the data to be comma separated and after I change it it doesn't accept it

GabsC2 · ‎05-08-2023

Thanks for the input @thomas

I don't know why Excel opens the CSV file as showed, that's why I have to convert it. Let me try the 2 suggestions you made to see if it works

View solution in original post

Nancy Saini · ‎04-26-2023

If you have successfully imported the users to ISE and want to enable it then on ISE 3.1 use option "Change Status of All".

GabsC2 · ‎04-26-2023

That options helps with enabling all or the selected the users at the same time but the real issue is changing the password and activating to change the password in the next connect.

Greg Gibbs · ‎04-26-2023

What version of ISE are you using? What specific error(s) are you getting?

I tested on a small scale with ISE 3.1p6 by exporting 2 disabled users via CSV, opened in Excel, changed the 'Is Password Encrypted', 'Enable User', and 'Change Password on Next Login' fields, saved as CSV, and imported back to ISE.
I did not get any errors and the changes were applied to the users.

One of the biggest problems I've seen in the past with CSV imports is that either Excel is saving the file in xls/xlsx format instead of CSV or it is adding whitespace in some of the fields. You might want to confirm these are not happening.
In order to check for whitespace, you might need to open the CSV file in another tool like Notepad++.

Greg Gibbs · ‎04-26-2023

Another option would be to use the ERS API to modify the user attributes programatically.

https://developer.cisco.com/docs/identity-services-engine/latest/#!internaluser

GabsC2 · ‎04-27-2023

I'm using ISE 2.7

I'm receiving this error

The archive is CSV

I opened the csv file modified in Notepad++ and doesn't seem to be anything amiss.

ahollifield · ‎05-02-2023

Just an FYI to help you prepare for a future upgrade from 2.7: https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-2943876.html

GabsC2 · ‎04-27-2023

I exported the users again, changed 2 passwords without changing it from text to colums, save it at CSV and the import worked. It seems that the issue is when I change text to columns but that's what I need because is the easiest way to bulk change the data in the CSV file. Is there a way to make it work when I change the text into columns?

Charlie Moreton · ‎05-02-2023

I see from above that you have saved the file as 'Microsoft Excel Comma Separated Values File (.csv)'. I have seen that as an issue before. You should save it as 'CSV UTF-8' as shown below:

GabsC2 · ‎05-02-2023

Good day @Charlie Moreton ,

Yes, I modified it and save it in the same format I downloaded it, I didn't change the format. I'll try to see if that helps. This is the 3rd time I tried with different devices (ISE and computers) and the error is always the same.

GabsC2 · ‎05-02-2023

Good day,

I don't have that option

poongarg · ‎05-01-2023

I just tested on my LAB ISE 2.7 node with 4 users present in disabled state. Exported the identities and opened the CSV file and made modifications like assigned default password to all users, encryption FALSE, Change Password at next login as Yes. Also added a new user in the same CSV file. Saved it and imported successfully on the ISE node. Later enabled all users. No issue observed.

GabsC2 · ‎05-02-2023

Good day @poongarg ,

I tried with less users and received the same error

poongarg · ‎05-02-2023

As per the attached file, the users mod.csv is not exactly in the same format as users (1).csv file.

This is what I am seeing when I opened your users mod.csv file. If you are just changing the values and saving the same file or making any other modifications.

In my case, I did changes in the values of columns and then saved the same file and imported on ISE. The format was not changed.

GabsC2 · ‎05-02-2023

Good day @poongarg ,

When I export the data from the ISE I receive the information in the format of users (1). Since I need to change a lot of information of a lot of users that is not the same I need to change the format from comma delimited to columns. After I do that I change all the information I need but the device doesn't accept the users mod format. Excel doesn't have an easy way to return the information to comma delimited so my question is if there's a way the ISE could accept the data formatted as users mod