Scope of Document: A customer wants to migrate from AD to LDS/ADAM without disturbing any end-user configuration that depends on the following components:
Jabber
UCCX
Roles
Primary Extn.
IPCC Extn.
Device Association
Difference between AD LDAP & LDS ADAM?
Now, the difference between AD LDAP and LDS/ADAM from the CUCM perspective.
In the example below, Active Directory has:
mail
sAMAccountName
EmployeeNumber
TelephoneNumber
UserPrincipalName
In this scenario, all users sync between CUCM and LDAP using sAMAccountName.
These are the options available under ADAM/LDS:
uid
Mail
EmployeeNumber
TelephoneNumber
UserPrincipalName
For AD deployments, the ObjectGUID is used internally in Unified CM as the key attribute of a user. The attribute in AD that corresponds to the Unified CM User ID may be changed in AD.
For example, if sAMAccountName is being used, a user may change their sAMAccountName in AD, and the corresponding user record in Unified CM would be updated.
With all other LDAP platforms, the attribute that is mapped to User ID is the key for that account in Unified CM. Changing that attribute in LDAP will result in a new user being created in Unified CM, and the original user will be marked inactive.
With this being said, when you're transitioning from LDAP to LDS, the ObjectGUID will change unless there is a way to import the existing LDAP users into LDS while keeping the ObjectGUID attribute.
Important: Once CUCM is integrated with LDS, LDAP sync matches on userid. AD LDS has no sAMAccountName option, so the sync will not match the existing users: each existing user ends up Inactive and a new user is created in Unified CM.
For example, if you integrate the new users using mail for AD LDS, you will see all users coming from LDS to CUCM with the mail address as userid.
First, convert all LDAP users to local users with SQL queries. Then use the BAT tool to export all end users, change the userid in Excel to the mail address, delete the existing users from CUCM, and upload the edited end users via BAT. You will see those users with their existing dependencies (roles, device association, everything). Finally, run the sync via LDS on CUCM, and the existing local users will show up as active LDAP users with the email address as userid, with minimal downtime.
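The "change the userid in Excel" step from the procedure above can also be done as a script that holds back rows which would not match after the LDS sync. This is an added example, not part of the original post; the column names USER ID and MAIL ID, the case-insensitive duplicate check, and the sample rows are assumptions, so adjust them to the header of your own BAT export:

```python
import csv
import io

# Assumed BAT export column names; change them to match your export header.
USERID_COL = "USER ID"
MAIL_COL = "MAIL ID"

# Constructed sample export (not real data).
SAMPLE_EXPORT = """FIRST NAME,LAST NAME,USER ID,MAIL ID,PRIMARY EXTENSION
Ana,Diaz,adiaz,ana.diaz@example.com,1001
Bo,Chen,bchen,,1002
Cy,Roy,croy,Ana.Diaz@example.com,1003
Di,Lee,dlee,di.lee@example.com,1004
"""

def remap_userids(rows, userid_col=USERID_COL, mail_col=MAIL_COL):
    """Set userid to the mail address; return (remapped_rows, problems)."""
    seen = {}                      # lower-cased mail -> old userid that claimed it
    remapped, problems = [], []
    for line_no, row in enumerate(rows, start=2):   # line 1 is the header
        old = row[userid_col].strip()
        mail = row[mail_col].strip()
        if not mail:
            # No mail value: the LDS sync would have nothing to match on.
            problems.append((line_no, old, "no mail value"))
        elif mail.lower() in seen:
            # Two accounts with one mail address would collide on userid.
            problems.append((line_no, old, "mail already used by " + seen[mail.lower()]))
        else:
            seen[mail.lower()] = old
            new_row = dict(row)    # every other column is left untouched
            new_row[userid_col] = mail
            remapped.append(new_row)
    return remapped, problems

def convert(export_text):
    """Return (CSV text ready for BAT upload, rows held back for manual review)."""
    reader = csv.DictReader(io.StringIO(export_text))
    remapped, problems = remap_userids(list(reader))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    writer.writerows(remapped)
    return out.getvalue(), problems

if __name__ == "__main__":
    csv_text, held_back = convert(SAMPLE_EXPORT)
    print(csv_text)
    for line_no, userid, reason in held_back:
        print(f"line {line_no}: {userid}: {reason}")
```

Resolve every held-back row before deleting the existing users from CUCM, since a user whose userid does not equal the LDS mail value will not be matched by the sync.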
If you’re going to do all that and dip with a SQL query why not just change the fkdirectorypluginconfig to the new sync relationship right off instead of adding extra steps? The difference in the UID attribute only matters for the directory configuration, not the end user table - it should not duplicate user records if the values are the same in both directories. The new sync should even just change it itself, whichever one runs later.