Showing results for 
Search instead for 
Did you mean: 

Aging out user profiles in Call Manager

Oli Laurent
Cisco Employee
Cisco Employee

If a user profile is deleted in AD what is the length of time before that user is “aged out” / removed from the CUCM and CUC user DB?

Is there a difference between how it works in 4.1 with Cisco Customer Directory Configuration Plug In vs. LDAP Synchronization in later version?

My understanding is that in 4.1 the Plug In extends AD database to Call Manager and it is not embedded in Call Manager as it is in 5.0 and later. Not sure how that plays on removing users from CUCM through synchronization.

Additionally, my understanding is when a user profile is removed from AD, it gets flagged during Synchronization and that could take a minimum of 6 hours after sync for the user profile to be removed in CUCM or whatever the synchronization is scheduled to.

1 Reply 1

Dennis Mink


It all depends on your sync frequency. If you remove users from AD, CUCM will mark them as "delete pending".

CUCM garbage collector will rip these out 24 hrs later.

Every night at 3.15 am, an internal process called the Garbage Collector service runs. This process permanently deletes any account that has been in the

Inactive – Delete Pending state for over 24 hours. The Cisco Unified Communications Manager does not sync Active Directory passwords. Cisco Unified Communications Manager has no knowledge of Microsoft Active Directory encryption mechanism. Instead, in Cisco Unified Communications Manager 5.0, a default password of ciscociscoand a default PIN of 12345are assigned.


Please remember to rate useful posts, by clicking on the stars below. 


Please remember to rate useful posts, by clicking on the stars below.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers