[Freeipa-users] ipa migrate-ds

Hello, I am trying to migrate from my an IPA server that has FIPS disabled to an IPA server that has FIPS enabled. Both the old and the new IPA will have DNS, CA, and etc. I ran: ipa migrate-ds --bind-dn="cn=Directory Manager" --user-container=cn=users,cn=accounts --group-container=cn=groups,cn=accounts --group-objectclass=posixgroup --user-ignore-objectclass=mepOriginEntry --with-compat ldap://oldipa.server.com However, when I login to a client machine connected to the new IPA server, my file ownership becomes htony : nobody. What steps have I missed within the migration process? I've tried exporting cn=groups tree from the old IPA server into a LDIF and imported to the new IPA server, but it did not solve the problem. For everything else, DNS, sudoers, automount, and etc, can I simply export from the old server and import into the new server? I also have 100+ client machines, is there an easy way where I can unjoin the machines from old-ipa-server and then join to the new-ipa-server? (My infrastructure is Ansible-enabled) Thanks in advance! Best, Tony