Millions of networks use shared resources that are managed using directory servers. A directory server is a software application or a set of applications that stores, manages, administers and organizes information about network users and network resources, which may include volumes, folders, files, printers, users, groups, devices, data or any other shared resource. Typically, a directory server includes access policies that are used to control users' access to the resources.
An access policy typically includes multiple attributes that may be set to define a user's access to one or more resources. For example, attributes in an access policy may include a user identifier, a user password, a resource identifier, and an access level. When an application attempts to access a resource, the directory server evaluates the attributes associated with the user of the application to determine whether to grant the application access to the resource and the level of access the application is allowed.
Access policies may be changed when a new version of a directory service is created. These changes may include, for example, adding new attributes, combining previously separate attributes, splitting a single attribute into multiple attributes, changing the format of an attribute, and/or modifications to conform the access policy to a standard access policy. When the new version of the directory service is deployed to replace a previous version, a system administrator typically manually applies any changes that must be made to transfer the information in the attributes of the previous version of the access policy to the attributes in the new version of the access policy. Further, the previous version of the directory server continues to be used until the access policy changes are completed and tested.