Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14946
Views
50
Helpful
16
Replies

Bulk method of converting LDAP users into local users

Go to solution
Michael Gerrard
Level 1
Level 1

‎09-04-2013 06:52 AM - edited ‎03-16-2019 07:12 PM

Hi there,

We were wondering if anyone using CCM 9.1 had a way of bulk editing users to convert them from LDAP users to local? Unfortunately there is no BAT option to do this, even in 9.1.2, so we're a bit stuffed, as there are over 3000 users to do manually!

Things we've tried so far:

- Seeing if there was a standard BAT way of changing this value

- Exporting All Users into a CSV, to see if there is a difference between LDAP and local users that we could use to perform a bulk update.

Data dictionary: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/datadict/9_1_1/datadictionary_911.pdf

- Started going through the data dictionary to see if we could find the key that indicates whether a user in the database is a local/LDAP user or not. We're still digging on this. NOTE that "Local User" seems to be set to true for all users in the database, probably indicating that they are an EMCC Local User, rather than LDAP.

- Ran a few SQL commands to experiment. What's interesting is that if you try the following:

run sql update enduser set status=2 where userid = "mgerrard"

...you can see in End User pages the "User Status" of that user changes to "Inactive LDAP Synchronised User". We assumed therefore that the status key was probably the one to edit, because the "User Status" of a local user already in the system is in the same column. Not so, unfortunately. Changing the status to values other than 1 or 2 seems to break things. Just to point out that if you run:

run sql select status from enduser where userid = "SIPspeaker"

....where the SIPspeaker is already a local user, rather than LDAP synchronised, the status is still 1.

So does anyone have any fresh ideas? There are so many tables, that we can't really tell where in the database the system says whether a user is LDAP Sync'd or not.

Any help appreciated!

Mike.

1 person had this problem
Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
m.gravel
Level 1
Level 1

‎10-21-2013 11:46 AM

Hi Michael,

Export the users using BAT Import/Export option and select only End Users from the User Data section.  Once you have the exported TAR file extract it and remove the rows leaving only the rows with the users you want to change to local account.  (This is faster than having to import all the rows again with unchanged data)

Find the column "DIRECTORY PLUGIN CONFIG".  This column will show the LDAP Directory name you created in CUCM.  Set the value to "NULL" without the quotes for all the users.

Repackage your tar file and upload and import using the BAT Import/Export option.  Make sure you choose overwrite the existing information.  When I tested it I only selected the End User data when importing as the export automatically adds in Fall Back Feature Configuration.

Marc

View solution in original post

Go to solution
Jon Snipes
Level 1
Level 1
In response to Robert Thomas

‎02-25-2015 08:05 AM

run sql update enduser set fkdirectorypluginconfig=NULL where userid='<userid>'

View solution in original post

Go to solution
zandokan1978
Level 1
Level 1
In response to Jon Snipes

‎08-03-2017 11:22 AM

Do you know if there is a way to do all users?

View solution in original post

0 Helpful
16 Replies 16

Go to solution
Michael Gerrard
Level 1
Level 1

‎09-05-2013 05:17 AM

Any ideas anyone?

0 Helpful

Go to solution
Ayodeji Okanlawon
VIP Alumni
VIP Alumni
In response to Michael Gerrard

‎09-05-2013 05:28 AM

The easiest way I can think of is to disable LDAP intergation and check the button that says convert ldap users to local users. There is no BAT way to convert ldap users. You have to disable LDAP first

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

Go to solution
m.gravel
Level 1
Level 1

‎10-21-2013 11:46 AM

Hi Michael,

Export the users using BAT Import/Export option and select only End Users from the User Data section.  Once you have the exported TAR file extract it and remove the rows leaving only the rows with the users you want to change to local account.  (This is faster than having to import all the rows again with unchanged data)

Find the column "DIRECTORY PLUGIN CONFIG".  This column will show the LDAP Directory name you created in CUCM.  Set the value to "NULL" without the quotes for all the users.

Repackage your tar file and upload and import using the BAT Import/Export option.  Make sure you choose overwrite the existing information.  When I tested it I only selected the End User data when importing as the export automatically adds in Fall Back Feature Configuration.

Marc

Go to solution
Jose Ignacio Leite Neto
Level 1
Level 1
In response to m.gravel

‎06-24-2017 12:50 PM

thanks for this!

adding NULL to DIRECTORY PLUGIN CONFIG on the export/import .csv is the best way to remove LDAP active users.

Go to solution
Robert Thomas
Level 7
Level 7

‎10-21-2013 09:37 PM

Don't quote me on this, but I remember seen an SQL way of doing this. I'll have to check back tomorrow through my notes once I'm in the office. Please remind me during tomorrow so I can check for those SQL.

0 Helpful

Go to solution
Jon Snipes
Level 1
Level 1
In response to Robert Thomas

‎02-25-2015 08:05 AM

run sql update enduser set fkdirectorypluginconfig=NULL where userid='<userid>'

Go to solution
zandokan1978
Level 1
Level 1
In response to Jon Snipes

‎08-03-2017 11:22 AM

Do you know if there is a way to do all users?

0 Helpful

Go to solution
vaibsha2
Level 1
Level 1
In response to zandokan1978

‎08-03-2017 11:32 AM

The method refered above by Abhay Reyal would do it for all the users.

Regards

Vaibhav

0 Helpful

Go to solution
zandokan1978
Level 1
Level 1
In response to vaibsha2

‎08-03-2017 11:36 AM

Yeah, I didn't want to do it that way but I found the SQL query.

run sql update enduser set fkdirectorypluginconfig=NULL where fkdirectorypluginconfig IS NOT NULL

0 Helpful

Go to solution
Mark Lyman
Level 5
Level 5
In response to zandokan1978

‎01-18-2018 10:06 AM

run sql update enduser set fkdirectorypluginconfig=NULL where fkdirectorypluginconfig IS NOT NULL

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to Mark Lyman

‎01-19-2018 09:24 AM

Its not recommended to update cucm using sql commands. It rather preferred
to use axl in order to avoid breaking the database
0 Helpful

Go to solution
vaibsha2
Level 1
Level 1

‎05-12-2016 05:24 AM

The best solution is to use the sql command,however with just a slight modification,you can do this for a lot of users.

run sql update enduser set fkdirectorypluginconfig=NULL where userid IN ('userid1', 'userid2', ‘userid3’, 'userid4', 'userid5')

0 Helpful

Go to solution
Abhay Singh Reyal
Level 4
Level 4

‎05-12-2016 09:00 AM

You can use below steps

*Delete the LDAP directory from call manager.

*disable the LDAP synchronisation from call manager.

*Deactivate the "DIR sync" service from the call manager serviceability.

*On the CLI of the CUCM use the following command to make the end users active and normal standard end users :
"run sql update enduser set status=1"

*Verifie using following command:
"run sql select * from enduser where status=0 "

Regards

Abhay Reyal

Regards
Abhay Singh Reyal
The Only Way To Do Great Work Is To Love What You Do. If You Haven’t Found It Yet, Keep Looking. Don’t Settle

Go to solution
vaibsha2
Level 1
Level 1
In response to Abhay Singh Reyal

‎05-12-2016 09:05 AM

Hi Abhay,

That is also the way to go however,that procedure will change the status for every user.I have mostly seen customer wanting to make amendments to a bulk of users out of the whole group.

Regards

Vaibhav Sharma

0 Helpful
Customers Also Viewed These Support Documents