kagarlickij

Reputation: 8127

Azure subscription migration to new tenant: save RBAC

I need to migrate an Azure subscription to a new tenant (Azure AD).
According to the documentation and similar questions, RBAC has to be set up from scratch again.
Is there any way to automate it? Export the subscription's IAM rules and import them into the new one?

Upvotes: 2

Views: 181

Answers (1)

Martin Brandl

Reputation: 58981

I might be wrong, but: I guess the answer is no since the users within the RBAC definition must be stored using the AAD Object Id (because the e-mail may change). So I think this is technically impossible (at least without some kind of manual mapping).

However, you might be able to create a mapping by retrieving all users from TenantX and from TenantY and performing the user mapping based on some properties. Then you could use the Get-AzureRmRoleAssignment cmdlet to retrieve the RBAC rules, store them somewhere (e.g. as JSON), change the directory and then re-apply the RBAC rules with changed ObjectIds using the New-AzureRmRoleAssignment cmdlet.

Upvotes: 2
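
The export, remap and re-apply steps described in the answer above, as an added example that is not part of the original post. It assumes the AzureRM module with the context already set on the subscription, and that each user keeps the same UPN prefix (the part before `@`) in both tenants; the parameter names, including `-TargetDomain`, are hypothetical.

```powershell
# Added example (not from the answer). Assumes the AzureRM module, a context
# already set on the subscription, and identical UPN prefixes in both tenants.
param(
    [Parameter(Mandatory)] [string] $SubscriptionId,
    [string] $TargetDomain,                          # hypothetical, e.g. 'newtenant.example'
    [string] $ExportPath = '.\rbac-export.json',
    [switch] $Import                                 # omit before the move, set after it
)
$subScope = "/subscriptions/$SubscriptionId"

if (-not $Import) {
    # Phase 1 (source tenant): save assignments at or below the subscription.
    # Assignments inherited from above the subscription are filtered out.
    Get-AzureRmRoleAssignment |
        Where-Object { $_.Scope -like "$subScope*" } |
        Select-Object ObjectId, ObjectType, SignInName, DisplayName, RoleDefinitionName, Scope |
        ConvertTo-Json | Set-Content -Path $ExportPath
    return
}

# Phase 2 (target tenant, after the directory change): remap and re-apply.
if (-not $TargetDomain) { throw 'TargetDomain is required with -Import' }
$saved   = Get-Content -Raw -Path $ExportPath | ConvertFrom-Json
$skipped = @()
foreach ($a in $saved) {
    # Only users carry a SignInName; groups and service principals have no
    # property to match on here and are reported for manual mapping.
    if ($a.ObjectType -ne 'User' -or -not $a.SignInName) { $skipped += $a; continue }

    $upn  = '{0}@{1}' -f ($a.SignInName -split '@')[0], $TargetDomain
    $user = Get-AzureRmADUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
    if (-not $user) { $skipped += $a; continue }

    try {
        New-AzureRmRoleAssignment -ObjectId $user.Id -Scope $a.Scope `
            -RoleDefinitionName $a.RoleDefinitionName -ErrorAction Stop | Out-Null
    } catch {
        # For example a custom role that does not exist in the target directory.
        Write-Warning "Failed: $upn / $($a.RoleDefinitionName): $_"
        $skipped += $a
    }
}
# Everything that was not re-created, for manual review.
$skipped | Format-Table DisplayName, ObjectType, RoleDefinitionName, Scope -AutoSize
```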
