Account templates are not part of the IM object store, so they are not exported in the roles.xml.
Can account templates be exported?
12.5 & 12.6
They exist at the provisioning layer.
There is no documentation or tool to migrate the Account Templates. An approach that others have tried which you can try as well is listed below. Please note that this is provided as-is and you should first test it out.
In existing (ie. Development) environment:
a. Dump the account template from the Provisioning Server (port 20389) via Jxplorer
b. Remove the eTID values for each Account Template in the ldif file
c. Adjust the attributes (i.e. endpoint name) as needed
In New IM environment:
Import the role definitions on IM console, this will recreate all the
Import the ldif to new IMPS (port 20389) via Jxplorer (the endpoints
should already have been acquired/explored
Note: The Account Templates will not be associated to the Provisioning Roles
Manually associate the Provisioning Role and the Account Templates
The Role <-> Template and the Template <-> Endpoint mapping are handled via special inclusion objects which is why you don't see it as part of the Template LDIF file you exported. You will need to manually re-link the Role to the Template and the Template to the Endpoint. You could use the etautil tool to help you with this.
etautil -u USER -p PWD -f INPUT.txt
where input.txt contains etautil commands (one per line) such as:
add 'eTNamespaceName=ActiveDirectory' eTADSDirectory
eTADSDirectoryName='My_Endpoint' in 'eTADSPolicyContainerName=
Active Directory Policies,eTNamespaceName=CommonObjects'
add 'eTRoleContainerName=Roles,eTNamespaceName=CommonObjects' eTRole
eTRoleName='My_Role' in 'eTADSPolicyContainerName=Active Directory