Windows Security Identifier data in the User Authorization Manager data store is extracted from the source system and converted to User Principal Name format. This data is migrated to the target vCloud Automation Center system.

Role membership identifies users and groups who are using Windows Security Identifier (SID) format. In vCloud Automation Center, this information is stored in a Single Sign-on (SSO) authorization store. The SSO store identifies each user and group by using a UPN format. All security identifiers are migrated to the SSO store in the target system.

The following table contains an example of the two formats.

Example of User Name Equivalent in SID and UPN format

Source SID Domain Format Sample User

Target UPN Format Sample User



vCloud Automation Center only accepts security identifiers in UPN format.

During the process of migrating user information, vCloud Automation Center 5.2 security data in Windows Security Identifier format is extracted and converted to UPN format by connecting and querying the Active Directory domain for UPN identifiers. The converted fully qualified UPN identifiers are cached in temporary tables to be committed to the vCloud Automation Center authorization store.

The migration process creates one principal extension for each UPN and adds the extensions to the target default tenant.

For related information, see Prerequisites for vCloud Automation Center Migration. For details about establishing domain trust during vCloud Automation Center installation and configuration, and about configuring the Identity Appliance see Installation and Configuration in the vCloud Automation Center documentation.