I'm running CUCM 8.6x and UCCX 8.5x and I have cucm is integrated with MS AD.
The problem is my company is about to migrate all users is this AD to another AD (new ip address, new search base, but all users information remain the same). But, I don't know to make this happened without any damages to my system.
The simple question is how can I achieve it ?
- If I delete the configured AD integration, all the users will be marked deleted and will be cleaned up in 24 hours, which means I will lose all users information and theri associations. This is doom. Although, all the users info is the same (userid, firstname,lastname,etc....), but I don't think it will work that smooth. I'm I right?
- Worse, these users are also UCCX agent/supervisor in UCCX. If these users are cleaned up, this means my contact centers is dead. My configuration will be all gone. This is also doom.
Does anyone know or have experieces doing this ?
I want to change ip adddress and search base of my AD and want to maintain all the end users configurations and their configuration/associations, and UCCX agent stuff.
Please advise, I really don't know how to make this happen.
Thanks in advance,
As long as the userid remains the same, it doesnt matter what you do to LDAP, the user accounts will remain and will not be deleted.
In other words, if you delete the LDAP directory config in UCM, this will mark all users for deletion. If you then sync UCM to a new LDAP directory (even with a different IP or even different domain) all those users WHO HAVE THE SAME USERID will no longer be marked for deletion.
The easiest way to do this is just update the directory config inside the LDAP directory that is already configured in UCM, then you dont actually have to delete anything.
But again, having the same userid is the key.
Thanks for the responce,
Have you already tested this ?
To be more specific,
CUCM is integrated both to "Existing AD" and "NEW AD" together at the same time.
User A ====> User A
If i remember correctly, I uses to try this once. Everything looks okay. But I found out later that, If i make any changes for the migrated user in "AD", those new information didn't get synced to CUCM anymore. Even if the user status is active. I'm afraid this will be a problem.
This should be fairly easy to test. You can point to multiple LDAP directories at the same time.
UCCX gets its users from CUCM, so as long as you maintain the users in CUCM, there should be no effect on UCCX.
Yes I have tested it. I work for a Cisco partner and we were migrating a division of a company to their own CUCM environment. When we initially installed their new CUCM, they were pointed to the LDAP of the old company. A couple weeks later they finally installed their own Microsoft AD environment and we repointed their CUCM to the new LDAP servers (new ip, new domain, everything) and as long as the userid was the same, the user was unaffacted in CUCM & CUC - none of their users were marked inactive.
This was done on version 9.1.2.
Same question was posted here with the same response
I take that back. CUCM uses the GUID (global user id) to sync the CUCM user to the LDAP user. If you change AD environments, the GUID will change, and CUCM will no longer think it's the same user.
The only way to possibly make this work is to convert the users to local users, then re-configure your LDAP connection, then use SQL commands that you can get from TAC to convert the user back to an LDAP user. This will cause the user to download the GUID from LDAP and match it to the user with the same userid.
This is interesting. In my case we moved from an AD source to an AD-LDS source (still the same backend AD environment though). The AD attribute for user ID is the sAMAccountName but you cannot use this if you change to an AD-LDS (or ADAM) environment so we used UID. In our environment the sAMAccountName and the UID is the same so this is not a problem for CUCM it just sees user with sAMAccountName j.bloggs go inactive and then active again when it see UID j.bloggs in the new environment. Is my assumption correct that UID and GUID the same thing?
One of the customer had 4 different LDAP directories point to the same Server with different search creteria, Once we deleted the 3 unwanted LDAP directories, Restarted DirSync Service. but later in 30 mins all the UCCX agents were affected and all the agents skill groups went back to default.
CUCM Version - 10.5.1.10000-7
UCCX Version - 10.5.1.11001-49
I had same issue. I changed the IP / port of LDAP configuration on CUCM, than I performed the re-sync. After that, all agents on UCCX were affected, and their teams and skills were cleaned up to default configuration.
Anybody knows the root cause of this uccx problem?
I had this issue as well. Removed an LDAP config and even though the users existed in another LDPA config the users in UCCX were cleaned up. This didn't even wait for the next sync (which happens once per day), it happened withing an hour. We have called TAC but they are unhelpful saying that is expected behavior but offering no solution for removing the desired LDAP directory configuration. Have you found a solution to keep UCCX from dumping the user info?
I too have had the same issue and TAC are suggesting that this is expected behaviour. I am also using the exact same UCCX version as stated above (10.5.1.11001-49).
I have also been told by TAC that any change to a user to make them go inactive in CUCM, will mean the user is 'deleted' from UCCX meaning that their skills and teams will be lost, for example, if a user is accidentally put into the wrong OU and they're marked inactive in CUCM, they will be immediately deleted from the UCCX, upon realising the mistake if the user in put in the correct OU again, he will need to be reconfigured? This is ok with one user but what if a whole OU is removed from the sync and all the users are marked inactive?
Can I ask what UCCX and CUCM version you are using?
CUCM uses a Globally Unique ID within AD to identify the user. You can change the user name but it will still associate the user with the AD object since the GUID has not changed.
When moving between AD environments, even if the user name is the same, it is likely the GUID has changed.
I am not sure there is a way to do this easily.