When using the NSX-T migration coordinator for the migration of your NSX for vSphere environment to NSX-T Datacenter. You can run into an issue where you are left with a bunch of temporary objects (mostly groups).
These groups enabled you to seamlessly migrate from NSXv to NSX-T. After finishing the migration these groups don’t have any function any more and leave a statically configured distributed firewall rulebase behind. This can result in a unpredictable environment and therefor must be cleaned up.
Luckily VMware uses tags to identify these temporary groups. You can identify these groups by the tag scope “v_temporary” and by their description “Temporary Applied_To Security Group for Migration”. Be caution with objects with the “v_origin” scope, these are the original objects from NSX for vSphere which you absolutely don’t want to delete.
You can now quickly identify the “temporary migration” groups, but as they are nested, you cannot simply delete them. You have to remove them from any parent group(s), before you can delete them.
I’ve created a script which executes all above mentioned steps, leaving a cleaned up environment!
WARNING: the use of this script is at your own responsibility!
You can find this NSX-T migration coordinator cleanup script here!