Unless he deletes the old one at 3:11 AM, then he's screwed. 

Anthony Holloway

Please use the star ratings to help drive great content to the top of searches.

Nope, that's wrong, you can do it at 3:14 AM and your users will still be there.

User's wont be deleted until they have been marked as inactive for 24 hours.

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/9x/uc9x/directry.html#wp1045242

After the initial synchronization, the creation, deletion, or disablement of an account will propagate to Unified CM according to the timeline shown in Figure 16-7and as described in the following steps:

1. At 8:00 AM on January 1, an account is disabled or deleted in AD. From this time and during the whole period A, password authentication (for example, Unified CM User Options page) will fail for this user because Unified CM redirects authentication to AD. However, PIN authentication (for example, Extension Mobility login) will still succeed because the PIN is stored in the Unified CM database.

2. The periodic re-synchronization is scheduled for 11:00 PM on January 1. During that process, Unified CM will verify all accounts. Any accounts that have been disabled or deleted from AD will at that time be tagged in the Unified CM database as inactive. After 11:00 PM on January 1, when the account is marked inactive, both the PIN and password authentication by Unified CM will fail.

3. Garbage collection of accounts occurs daily at the fixed time of 3:15 AM. This process permanently deletes user information from the Unified CM database for any record that has been marked inactive for over 24 hours. In this example, the garbage collection that runs at 3:15 AM on January 2 does not delete the account because it has not been inactive for 24 hours yet, so the account is deleted at 3:15 AM on January 3. At that point, the user data is permanently deleted from Unified CM.

If an account has been created in AD at the beginning of period A, it will be imported to Unified CM at the periodic re-synchronization that occurs at the beginning of period B and will immediately be active on Unified CM.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

The more you know.  Thanks for the correction and clarification Jamie.

Anthony Holloway

Please use the star ratings to help drive great content to the top of searches.

Hi Christian,

That's really helpful.  I'm going to try it out in my staging environment today and see how it goes. Glad to hear I'm not the only one with this problem.

Thanks a lot,

Ryan

Hi Christian,

Thanks again.  I just did this in our staging servers and it went perfectly.  It's actually a low risk operation when you use your method.  The prompts that get generated when you delete the old LDAP are kind of scary.  I think my operations guys would have had a heart attack if I'd told them to delete the old directory first :^)

Cheers!

Ryan

What happens to user's device associations such as udp, end user groups etc, while they are inactive..does cucm retain this and carry on as usual after users are marked active again

Please rate all useful posts

"The essence of christianity is not the enthronement but the obliteration of self --William Barclay"

Yes, they are all retained since actually nothing changes in the database table for endusers. User only get flagged inactive or active, that's it. Information get only lost when you keep users inactive for too long so that their information are purged from the database.

Thanks Christian

Please rate all useful posts

"The essence of christianity is not the enthronement but the obliteration of self --William Barclay"

Ryan,

What version of jabber are you using that supports URI dialling..Can you share with me your config on cucm to enable uri dialling? Just the pointers will do (too lazy to look at documentation now)

Please rate all useful posts

"The essence of christianity is not the enthronement but the obliteration of self --William Barclay"