Change AD LDS

nikolaas.noyez
Level 1

Hi,

We are currently running CUCM 8.6, which is integrated with the Windows AD. Due to acquisitions it is no longer possible to use just one domain, so we should move to AD LDS.

I have found several documents on how to set up AD LDS, but can't seem to find what happens when you switch from just AD to AD LDS.

- I guess changing the UserID sync from sAMAccountName to UserPrincipalName in LDAP Directory configuration is not done without consequences.

- There appears to be no possibility to change the LDAP Directory configuration in CUCM so remove and add is kinda the only way.


We also use UCCX (250 agents), Cisco Presence, Cisco Unity Connection, ... and I don't want to reconfigure everything because userIDs would change.

Any comments would be very helpful... thanks.

3 Replies

Jaime Valencia
Cisco Employee

Correct, you need to remove the current LDAP integration and do a new one from scratch. And yes, there will be consequences if you change the userID to something else and it doesn't match what CUCM is syncing against right now: those users will be wiped out by the garbage disposal and, along with them, all their associations in CUCM. New users will be imported and you'll need to re-do all the user/device/line/permissions/etc.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

Chris Deren
Hall of Fame

So, is this an additional domain or additional forest that you are adding?

Keep in mind that CUCM can point to multiple domains, in fact by pointing to the root of the GC you can have single integration that spans an entire forest.

If you have multiple forests, then yes, LDS/ADAM is the solution.

HTH,

Chris

Hi Chris,

It would be adding a second forest... We have set the CUCM to point to both forests, which works OK to import the users. But the minute we want to authenticate users from the second forest (for /ccmuser page, UCCX, Unity...), the proxy user that is configured in the original forest to handle this only authenticates users in the original forest.

AD LDS would be the solution and I've found users that are happy with this setup, but they were all new builds, no migrations.

Moving the proxy user that handles the authentication to the LDS could cause issues... and reconfiguring UserID from sAMAccountName to UserPrincipalName will probably re-import all users, and we would have to basically reconfigure everything user-related, like Jaime confirms.

I had hoped this would not have been the case... or a migration path would have been available...

Thanks
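
A dry run of the mapping change discussed in the replies above, as an added example that is not part of the thread and not Cisco code: it compares the userIDs currently synced from sAMAccountName with the IDs a sync keyed on another attribute would produce, and lists which existing IDs would no longer match. The directory records, the `SYNCED_USERIDS` set and the function name are constructed for illustration, and it assumes you can export both lists before touching the LDAP integration.

```python
# Added example: dry run of a userID mapping change before an LDAP re-sync.
# All records are constructed sample data; every name here is hypothetical.
AD_USERS = [
    {"forest": "corp.example", "sAMAccountName": "jdoe",
     "userPrincipalName": "jdoe@corp.example"},
    {"forest": "corp.example", "sAMAccountName": "asmith",
     "userPrincipalName": "asmith@corp.example"},
    {"forest": "acq.example", "sAMAccountName": "jdoe",
     "userPrincipalName": "jdoe@acq.example"},
    {"forest": "acq.example", "sAMAccountName": "mlee",
     "userPrincipalName": "mlee@acq.example"},
]
# Constructed list of userIDs that are LDAP-synced today (from sAMAccountName).
SYNCED_USERIDS = {"jdoe", "asmith"}


def plan_mapping_change(ad_users, synced_ids, new_attr):
    """Classify what a sync keyed on new_attr would do to the existing IDs."""
    new_ids, collisions = {}, set()
    for user in ad_users:
        key = user[new_attr].lower()
        if key in new_ids:          # same ID produced by two directory entries
            collisions.add(key)
        new_ids[key] = user
    current = {i.lower() for i in synced_ids}
    new_set = set(new_ids)
    orphaned = current - new_set    # existing IDs the new sync no longer matches
    # For each orphaned ID, list the new IDs it could correspond to, assuming
    # the old ID was the entry's sAMAccountName. More than one = manual decision.
    candidates = {
        old: sorted(u[new_attr].lower() for u in ad_users
                    if u["sAMAccountName"].lower() == old)
        for old in sorted(orphaned)
    }
    return {
        "kept": sorted(current & new_set),
        "orphaned": sorted(orphaned),
        "new": sorted(new_set - current),
        "collisions": sorted(collisions),
        "candidates": candidates,
    }


if __name__ == "__main__":
    for attr in ("sAMAccountName", "userPrincipalName"):
        print(attr, plan_mapping_change(AD_USERS, SYNCED_USERIDS, attr))
```

With the sample data, keeping sAMAccountName across both forests yields a collision on `jdoe`, while switching to userPrincipalName leaves every currently synced ID unmatched and `jdoe` with two candidate replacements.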