11-05-2015 05:57 PM - edited 03-17-2019 04:49 AM
Hi - We have an existing customer AD Integrated using sAMAccountName as the primary attrib for the CUCM 10.5 userid.
The customer is also using Jabber with JID set to default userid@emaildomain.
There is now a requirement for a merger with another organisation, where we would introduce ADLS for LDAP Synch and authentication across both forests with a separate piece of work to migrate CUCM databases. I have gone through the excellent ADLS integration document:
My understanding is that duplicate sAMAccountNames which may appear across different forests is handled across multiple ADLS partitions and sAMAccountName is no longer available as a synched userid attrib in CUCM for ADLS integration; we would need to use a different attribute, e.g. "mail". This would result in these "new userids" user@mail domain being synched as additional new users into CUCM and relevant device association, primary ext, user groups etc would need to be reconfigured. Associated CUCM apps, Extension Mobility, UCCX, CCMUser etc. would also require different logon values based on the mail value.
We could potentially retain Jabber credentials by reconfiguring IMP to use the Directory URI, which in turn synchs with the mail value; however, I'm not too sure if existing Jabber client configurations would retain their settings with this backend change.
Any thoughts or comments welcome!
Thanks
Brian
11-06-2015 09:04 PM
That's correct, your only option to retain everything would be to stop the sync, turn all the users into local users, change their userID to match the field you'll use for LDS, and then re-configure the sync.
About flexible JID, yes, assuming they're configured and valid LDAP users, the change will re-create all the contact lists and they will retain all functionality in Jabber.
11-06-2015 10:16 PM
Thanks Jamie - looks like there is a lot of work to be done!
10-25-2017 06:44 AM
Hi Brian,
I'm working on a new AD-LDS configuration for a customer right now. I also followed 'the excellent AD-LDS integration document' but have trouble adding the second and third domain.
As I understand from the documentation we need to create additional DC=2nddomain,DC=... elements in the partition, but adamsync.exe keeps on complaining about "The target partition given was not the head of a partition. AdamSync cannot continue."
This has not been so well documented in the documentation ;)
How did you manage to get this working? Would you mind sharing the configuration xml files for the 1st and 2nd forest with me, as well as a quick explanation on how to prepare LDS for the 2nd and 3rd forest?
In previous installations we did of AD-LDS (Windows 2003) this was not a problem as adamsync supported hierarchical configurations, but Windows 2008 and later do complain about this.
Regards,
Erik