LDAP sync CUCM/UCCX 8.5 - CCXAdmin end user?

mmoulson1
Level 4

Hi All,

I’m about to LDAP sync CUCM 8.5 with Microsoft AD. I’m also using UCCX 8.5.

I managed to lock myself out of my lab install by doing an LDAP sync and losing my CCX Admin end user. I’ve seen a few posts with the same issue but no resolution apart from TAC case for CET/“Fresh_Install”.

What is the procedure to LDAP sync when you already have UCCX integrated?

Thanks in advance.

Matty

6 Replies

Anthony Holloway
Cisco Employee

You should create your uccxadmin account in AD before you link it to CUCM.  This way it will not be flagged for deletion in CUCM.

You will need TAC to use CET for you (it requires root level access), so they can reset you to a fresh install, and allow you to go through the initial wizard again.

So just create a user in AD with the same username? Will it start using the password from AD after it is sync'd?

Thanks


Matty

mmoulson1 wrote:

So just create a user in AD with the same username?

Well, yes, but BEFORE you integrate CUCM with AD.  It's not retroactive.

mmoulson1 wrote:

Will it start using the password from AD after it is sync'd?

Yes it will start using the password from AD.

Once you mess up, and integrate with AD, and the account gets deleted from CUCM, it also gets deleted from UCCX.  The act of simply recreating the account in AD (or in CUCM if you broke the AD integration) will not automatically put the account back into UCCX as an Admin.

Think about this situation.  You have an employee, who administers UCCX, and you fire them and delete their AD account.  That account is no longer an admin in UCCX.  If a week goes by and they get hired back on, and their account is recreated, they are not automatically an admin in UCCX again.  You have to manually make them an admin.  This requires that you have another admin account to do it with.

In your case, it sounds like you only had uccxadmin, as an admin, and locked yourself out.  Hence the CET tool and TAC.

Hi Anthony,

Many thanks for your advice.

I locked myself out of my lab version but that was not a problem as I could re-install.

However I am in the process of putting one into production for a customer so I will certainly get my AD account sorted first before I set up the LDAP.

Matty

Hi Anthony,

Just to update you on my progress!

I had 2 browser windows open (1 logged onto CUCM administrator the other on UCCX administrator).

I completed the LDAP configuration on CUCM. Looking at the end user list I could see my ‘uccxadmin’ account had changed to an ‘Inactive’ state!

I went to my other browser window on UCCX and into the ‘Administrator Capability View’ I could see my LDAP synced users under ‘Available Users’ but no user listed under ‘Cisco Unified CCX Administrator’! I selected a couple of AD accounts and defined them as administrators. I then logged out of UCCX admin then back in again with my AD account, which worked without problem.

I later discovered the uccxadmin account had been created in a different OU that did not sync under LDAP! So a lucky escape with the above.

Regards

Matty

Holy buckets, did you get lucky.  Wow.  Nice job though, with the dual windows and all.  Glad everything worked out.
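
The near miss in the last update (the uccxadmin account sitting in an OU that the sync did not cover) can be checked for before the sync is enabled. The following is an added example, not part of the thread and not Cisco code: it compares each admin account's AD distinguished name against the LDAP sync search base and reports the accounts that fall outside it. The account names, DNs and search base are constructed sample values.

```python
"""Pre-sync check: which admin accounts fall outside the LDAP sync search base?"""

def normalise(rdn):
    """Lower-case one RDN; AD matches attribute types and values case-insensitively."""
    attr, _, value = rdn.partition("=")
    return f"{attr.strip().lower()}={value.strip().lower()}"

def split_dn(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends an RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    return [normalise(r) for r in rdns if r.strip()]

def in_scope(user_dn, base_dn):
    """True if user_dn sits strictly below base_dn (subtree scope)."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    return bool(base) and len(user) > len(base) and user[-len(base):] == base

def outside_sync(admins, search_bases):
    """Return the usernames whose DN is not under any sync search base."""
    return sorted(name for name, dn in admins.items()
                  if not any(in_scope(dn, b) for b in search_bases))

# Constructed sample data: admin accounts (username -> AD DN) and the search base.
ADMINS = {
    "uccxadmin": "CN=uccxadmin,OU=Service Accounts,DC=example,DC=com",
    "jdoe": "CN=Doe\\, Jane,OU=Staff,OU=Users,DC=example,DC=com",
}
SEARCH_BASES = ["ou=Users, dc=example, dc=com"]

if __name__ == "__main__":
    for name in outside_sync(ADMINS, SEARCH_BASES):
        print(f"{name}: outside the sync search base; would not be synced")
```

Any account it lists should be moved under the search base, or another synced account made an administrator, before the sync runs.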