Hi Aman,

Thanks for your reply.

Yes I understand i will be able to create/del users after the removal of the LDAP sync, I was wondering if all the user information that had been synced from the LDAP would stay or will it be removed from CUCM?

Hi,

There is a synchronisation mechanism which runs in call manager which could be set for  a specific time or made to run in hours, days, weeks.

During the syncronisation proceses, all pre-existing accounts are marked as inactive.after the synscronisation is completed, all inactive accounts are permanenetly deleted during the garbage collection process running.

Deletion of  accounts that do not match LDAPdirectory accounts is required  because Cisco Unified CallManager cannot manage accounts while synchronization is configured .

regds,

aman

Hi Aman,

I read that as well from the LDAP docs, but it doen't answer the question i think. That just states the garbage clean up when the cucm is sync'ed. I found the following from another post but I would like some more info on a supported procedure.

I've never disabled an LDAP integration in production, (just my lab) that all the users go into a 'status=2' state and aren't usable. You can run a SQL query to update the users to status=1 in the  enduser table to restore them to active.

Hi ,

I had also checked the SRND and it says that Garbage collection process runs everyday at fixed time of 3:15AM.

Regarding the users going into Inactive state , let me check.

Where do you find the Status as "2" ?

regds,

aman

Hello,

As per my understanding all the End users will remain unchanged when you disable LDAP Integration.

You could export your current End Users from BAT as a Backup.

Thanks

Johns

Info from the docs:

Once users are synchronized from LDAP into the Unified CM database, deletion of a synchronization configuration will cause users that were imported by that configuration to be marked inactive in the database. Garbage collection will subsequently remove those users.

So you can never go back to a local database once sync'ed with LDAP and keep the user data. Really??

Thnx Rob, was just writing this when you posted

Hi,

I was referring to LDAP enhancement introduced in CUCM 9

Prior to CUCM 9.0

-Enabling LDAP sync would prohibit adding local users

-End user to be used by CUCM must be defined on AD and synched

-Extra users could trigger extra CAL’s on the MS AD

CUCM 9.0

-Administrator can have both LDAP sync users and locally defined users

-Ability to modify local users and roles assigned to LDAP users

-Deleting LDAP synch will mark users synced for deletion (garbage collection)

-Administrator can convert an LDAP user to a local user

In User List, u will find Active Local User and Active LDAP Syncronised User.

regds,

aman

Hi Aman,

Great reference notes on these changes my friend! +5

Cheers!

Rob

"Hours are like diamonds, don't let them waste
Time waits for no one, no favors has he" 

- Stones

Yes very nice Aman +5 also.

Thank you for your input guys, much appreciated.

Hi Rob/Paul,

Thanks a lot for recognition.

Gr8 learning from Mr.Aokanlawon.

regds,

aman

Not exactly describing the problem but find it useful: today I needed to add 1000 Local users to my CUCM Integrated LDAP.
I was not able to do it through BAT, so I decided to create the users in LDAP, import them and then convert them to Local users using the following:

run sql ccm update enduser set fkdirectorypluginconfig=NULL where userid like '12121%'

I was not able to find a way to do it in Bulk via BAT.
HTH