Paul Wojcicki Jarocki

Charon Documentation

The wizard interface is mostly self-explanatory, but here it is broken down into its individual steps and options.

After installation, the program should show up in your Start menu. Running it for the first time, you'll see the following screen:

If you expect you'll be running this program often and do not want to see this welcome message, clear the checkmark next to Uncheck to skip this screen next time.

The first step in your user migration is to connect to a directory tree and bind to it using credentials that allow modifying attributes of the contained user items. If you are running the program locally from an account with administrative privileges, you do not need to change any of the settings. If you want to modify users in a remote AD, or if you want to specify just a sub-tree on the local machine, you have to enter a path in the canonical LDAP://cn=object,cn=users,dc=domain,dc=com format (I hope to write a little section on this notation alone). If you need to bind as another user, choose Specify credentials below.

If you click on Next the program will connect and bind using the information you provided (or the defaults) and list all the user items in that subtree. Well, actually not ALL user items - the accounts that are hidden by the system are also hidden by Charon. If you click on Advanced you will be presented with two additional options:

If you only want to see users that haven't been mapped yet, check Hide users that already have a mapping. That was pretty easy. The next one is harder.

Since most likely the point of this migration is to enable a single sign-on, users do not need to (and should not) know the passwords for their domain accounts. As an aside, you might want to generate random passwords for these users or bug me to implement password generation in Charon. Because of this, the "User needs to change password on next logon" flag, which is set by default when new accounts are created, should be cleared. You also don't want the password to expire for this user. If you know you need the user to have access to the domain account, check Change password handling behavior.

After the list of users loads and you have made a selection, you can click Next to define the mapping rules:

The last step in the migration is defining the Kerberos realm. As noted, the realm name should be entered in all uppercase. Here you're also presented with the option to append to or overwrite existing user mappings. The default is not to modify users that already have a mapping. Adding a new mapping is pretty straightforward. Replacing a mapping replaces ALL the user's mappings and should be used with caution.

When you click on Next your users will be migrated and Charon will show you the results:

The returned text can easily be copied for logging purposes. If you want to migrate another batch of users, click Back.
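The following dry-run sketch is an added example, not Charon's own code. It models the password-handling and mapping choices described above so that you can review what a batch would change, in particular which mappings a replace would discard, before running it. It assumes that mappings are stored in the altSecurityIdentities attribute as "Kerberos:user@REALM" and that the principal name equals the account name; plan_user, fix_password_flags and the sample entries are hypothetical.

```python
# Added example: dry-run model of the migration choices (not Charon's code).
# Assumptions: mappings are "Kerberos:user@REALM" in altSecurityIdentities.
UF_DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl bit: password never expires
MUST_CHANGE = 0                   # pwdLastSet == 0 means "change at next logon"

def plan_user(user, realm, mode="skip", fix_password_flags=True):
    """Return the attribute changes for one user dict without applying them."""
    if not realm or realm != realm.upper():
        raise ValueError("Kerberos realm must be entered in all uppercase")
    if mode not in ("skip", "append", "replace"):
        raise ValueError(f"unknown mode: {mode}")
    existing = list(user.get("altSecurityIdentities", []))
    wanted = f"Kerberos:{user['sAMAccountName']}@{realm}"
    if existing and mode == "skip":
        return {}                           # default: mapped users are untouched
    if mode == "replace":
        new = [wanted]                      # drops ALL earlier mappings
    else:
        new = existing if wanted in existing else existing + [wanted]
    changes = {}
    if new != existing:
        changes["altSecurityIdentities"] = new
        removed = [m for m in existing if m not in new]
        if removed:
            changes["_removed_mappings"] = removed   # review these before replacing
    if fix_password_flags:
        uac = user.get("userAccountControl", 0x200)
        if not uac & UF_DONT_EXPIRE_PASSWD:
            changes["userAccountControl"] = uac | UF_DONT_EXPIRE_PASSWD
        if user.get("pwdLastSet") == MUST_CHANGE:
            changes["pwdLastSet"] = -1      # -1 clears the must-change state
    return changes

# Constructed sample directory entries (not real accounts)
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "userAccountControl": 0x200, "pwdLastSet": 0},
    {"sAMAccountName": "bob", "userAccountControl": 0x10200, "pwdLastSet": 1,
     "altSecurityIdentities": ["Kerberos:bob@OLD.EXAMPLE.COM"]},
]

if __name__ == "__main__":
    for u in SAMPLE_USERS:
        print(u["sAMAccountName"], plan_user(u, "EXAMPLE.COM", mode="replace"))
```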

Copyright © 2003 - 2004 Paul Wojcicki Jarocki