Disable LDAP Synchronization in CUCM 7.1(3)

James Hawkins
Level 8

Hi,

Earlier this year I deployed CUCM 7.1(3) for a customer with approximately 500 users. I enabled LDAP sync to Active Directory and everything went ok.

The CUCM user ID syncs to the AD sAMAccountName.

They now want to add a separate business group whose users are in a separate AD tree (same forest).

Looking at the SRND, synching using the sAMAccountName is not supported, with only userPrincipalName being allowed.

My questions are:

  • Is it possible to somehow retain the existing CUCM user accounts whilst changing the attribute from sAMAccountName to userPrincipalName?
  • If not then what migration strategies are recommended?
  • Is it possible to disable LDAP sync and keep the user accounts that have been imported (and allow new users to be created from within CUCM)?

It may be ok to go to CUCM 8.0 if this makes things easier.

Accepted Solutions

Jaime Valencia
Cisco Employee

CUCM, when LDAP is enabled, will always go through the same process: it will only keep users that have a matching UserID attribute from the one in the directory.

If users have a different value for sAMAccountName and userPrincipalName then those users will be flagged as inactive and will be removed by the garbage disposal mechanism.

If the fields have the same value, then users will remain in CUCM.

I haven't tried this myself, but the only way I can think of keeping users and being able to add new ones would be to stop the LDAP services, but not remove the config, because of this:

Note: Once users are synchronized from LDAP into the Unified CM database, deletion of a synchronization configuration will cause users that were imported by that configuration to be marked inactive in the database. Garbage collection will subsequently remove those users.

This is the same in any version.

HTH

java

If this helps, please rate

www.cisco.com/go/pdihelpdesk
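
A pre-change check for the rule described in the accepted answer, as an added example that is not part of the original thread and not Cisco tooling: it reads an AD export in LDIF form and lists which user IDs synced from sAMAccountName have an identical userPrincipalName and which do not. The sample export, the function names and the exact, case-sensitive comparison are assumptions.

```python
import base64

# Constructed sample AD export in LDIF form; not data from the thread.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=corp,DC=example
sAMAccountName: aexample
userPrincipalName: aexample@corp.example

dn: CN=Bob Example,OU=Staff,DC=corp,DC=example
sAMAccountName: bexample
userPrincipalName: bexample

dn: CN=Carol Example,OU=A Long Organizational Unit Name,
 DC=corp,DC=example
sAMAccountName: cexample
userPrincipalName:: Y2V4YW1wbGU=

dn: CN=Dave Example,OU=Staff,DC=corp,DC=example
sAMAccountName: dexample
"""

def parse_ldif(text):
    """Yield one dict per entry, handling folded lines and base64 (attr::) values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # continuation of the previous line
        else:
            unfolded.append(line)
    entry = {}
    for line in unfolded + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[attr.lower()] = value.strip()

def predict_after_switch(ldif_text):
    """Return (kept, inactive) sAMAccountName lists for a switch to userPrincipalName."""
    kept, inactive = [], []
    for e in parse_ldif(ldif_text):
        sam = e.get("samaccountname")
        if sam is None:
            continue                          # not a user entry
        # Assumption: exact, case-sensitive match; a missing UPN never matches.
        (kept if e.get("userprincipalname") == sam else inactive).append(sam)
    return sorted(kept), sorted(inactive)
```

Accounts in the second list are the ones the answer says would be flagged inactive, so the list is worth reviewing before the synchronization attribute is changed.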


Thanks Java,

I suspected that the users would be deleted if the LDAP sync was removed but it is useful to have it confirmed.

This is going to be fun!
