Transfer content from an old Active Directory account to the new SAML account using ArcGIS API for Python

Summary

To access an ArcGIS Enterprise portal, each organization has a specific type of authentication.

For users relying on Active Directory authentication to access their Portal environments, challenges can arise when changing to SAML authentication. After changing authentication methods, the format of the usernames in a given organization would change.

Below is a Python script to transfer contents from the old usernames with the format of "username@D1" to the new usernames with the format of "username." While this workflow can be performed manually, it can be cumbersome in organizations where the number of members in ArcGIS Enterprise portal is high.

The quickest option is developing a Python script and applying this change programmatically.

Reviewing the ArcGIS API for Python documentation to Move existing user content to a new user and adopting its sample code, the below script was created to transfer contents from the old accounts/usernames (username@D1) to the new ones (username).

Procedure

The following is the Python sample code.

from arcgis.gis import *

gis = GIS(url="portal URL", username="username", password="password", verify_cert=False)

username_list=[]
search_all_users = gis.users.search("*")
for user in search_all_users:
  username_list.append(user.username)
  
domain_list = [username for username in username_list if "@" in username]
print(domain_list)
  
nested_list = []
for d_username in domain_list:
   username_split = d_username.split("@")
  
   if username_split[0] in username_list:
     nested_list.append([d_username, username_split[0]])
print(nested_list)

for pair_username in nested_list:
   old_username = pair_username[0]
   new_username = pair_username[1]
   print(old_username, new_username)

   old_user_search = gis.users.search(old_username)
   old_userid = old_user_search[0].id
   print(old_userid)
   olduser = gis.users.get(old_userid)
   print(olduser)

   usergroups = olduser['groups']
    
   for group in usergroups:
     grp = gis.groups.get(group['id'])
     if grp.owner == old_username:
       grp.reassign_to(new_username)
       grp.remove_users(old_username)
     else:
       grp.add_users(new_username)
       grp.remove_users(old_username)
      
   usercontent = olduser.items()
   print(usercontent)
 
   new_user_search = gis.users.search(new_username)
   new_userid = new_user_search[0].id
   print(new_userid)

   folders = olduser.folders
   print(folders)

   for item in usercontent:
     try:
       item.reassign_to(new_username)
     except Exception as e:
       print("Item may have been already assigned to the user.")

   for folder in folders:
     gis.content.create_folder(folder['title'], new_username)
     folderitems = olduser.items(folder=folder['title'])
     for item in folderitems:
       item.reassign_to(new_username, target_folder=folder['title'])