Migrating from AD (LDAP) to LDS/ADAM - CUCM without hampering dependencies (UCCX/Jabber)

Cisco Employee

Scope of document: A customer wants to migrate from AD to LDS/ADAM without disturbing any end-user configuration that depends on the following components:

Jabber

UCCX

Roles

Primary Extn.

IPCC Extn.

Device Association

 

Difference between AD LDAP & LDS ADAM?

 

Now, the difference between AD LDAP and LDS/ADAM from the CUCM perspective.

In the example below, Active Directory has:

mail

sAMAccountName

EmployeeNumber

TelephoneNumber

UserPrincipalName

 

In this scenario, all users sync between CUCM and LDAP using sAMAccountName.

 

These are the options available under ADAM/LDS:

 

uid

Mail

EmployeeNumber

TelephoneNumber

UserPrincipalName

 

For AD deployments, the ObjectGUID is used internally in Unified CM as the key attribute of a user. The attribute in AD that corresponds to the Unified CM User ID may be changed in AD.

For example, if sAMAccountname is being used, a user may change their sAMAccountname in AD, and the corresponding user record in Unified CM would be updated.

With all other LDAP platforms, the attribute that is mapped to User ID is the key for that account in Unified CM. Changing that attribute in LDAP will result in a new user being created in Unified CM, and the original user will be marked inactive.

 

With this being said, when you're transitioning from LDAP to LDS the ObjectGUID will change unless there is a way to import the existing LDAP users into LDS while keeping the ObjectGUID attribute.

 

Important: Once CUCM is integrated with LDS, LDAP sync matches on userid. Because AD LDS has no sAMAccountName option, the synced users won't match the existing users: the existing users will be marked inactive and new users will be created in Unified CM.

 

For example, if you integrate new users from AD LDS using mail, all users coming from LDS into CUCM will have their mail address as userid.

 

First, convert all LDAP users to local users with SQL queries. Then use the BAT tool to export all end users, change the userid in Excel to the mail address, and delete the existing users from CUCM. Next, upload these end users via BAT; you will see them with their existing dependencies: set of roles, device association, everything. Finally, run the sync against LDS on CUCM, and the existing local users will show up as active LDAP users with their email as userid, with minimal downtime impact.

 

Please rate helpful!

Cheers :)

Rahul Kantore
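
The spreadsheet step in the procedure above, sketched as an added example (not part of the original post): it rewrites the userid column of a BAT-style export to the mail address and flags users whose new userid would not line up with LDS, the case that leaves the old user inactive and creates a new one. The column headers, the `remap_userids` helper and the LDS mail list are assumptions; replace them with the headers and values from your own exports.

```python
import csv
import io

def remap_userids(bat_csv, lds_mails, id_col="USER ID", mail_col="MAIL ID",
                  ref_cols=("MANAGER USER ID",)):
    """Return (rewritten_csv, problems) for a BAT-style end-user export.

    Column names are assumptions; lds_mails is the set of mail values in AD LDS.
    """
    reader = csv.DictReader(io.StringIO(bat_csv))
    rows = list(reader)
    # Compared case-insensitively as a conservative assumption.
    lds = {m.strip().lower() for m in lds_mails}
    mapping, problems, seen = {}, [], {}
    for row in rows:
        old, mail = row[id_col].strip(), row[mail_col].strip()
        key = mail.lower()
        if not mail:
            problems.append((old, "no mail value, userid left unchanged"))
        elif key in seen:
            problems.append((old, f"mail already used by {seen[key]}"))
        elif key not in lds:
            problems.append((old, "mail not found in LDS, sync would not match"))
        else:
            seen[key] = old
            mapping[old] = mail
    for row in rows:
        row[id_col] = mapping.get(row[id_col].strip(), row[id_col])
        for col in ref_cols:  # keep references to other users consistent
            if row.get(col):
                row[col] = mapping.get(row[col].strip(), row[col])
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue(), problems

# Constructed sample data, not taken from a real cluster.
SAMPLE_EXPORT = """USER ID,MANAGER USER ID,MAIL ID,PRIMARY EXTENSION,IPCC EXTENSION
jdoe,asmith,jdoe@example.com,1001,1001
asmith,,asmith@example.com,1002,
bnomail,asmith,,1003,
cdup,asmith,JDoe@example.com,1004,
dgone,asmith,dgone@example.com,1005,
"""
SAMPLE_LDS = {"jdoe@example.com", "asmith@example.com"}

if __name__ == "__main__":
    new_csv, issues = remap_userids(SAMPLE_EXPORT, SAMPLE_LDS)
    print(new_csv)
    for user, reason in issues:
        print(f"REVIEW {user}: {reason}")
```

Rows reported in `problems` keep their old userid in the output, so they can be corrected before the file is uploaded.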

 

1 Comment
Contributor

If you’re going to do all that and dip with a SQL query why not just change the fkdirectorypluginconfig to the new sync relationship right off instead of adding extra steps? The difference in the UID attribute only matters for the directory configuration, not the end user table - it should not duplicate user records if the values are the same in both directories. The new sync should even just change it itself, whichever one runs later. 

 

 
