07-27-2015 08:00 AM - edited 03-17-2019 03:46 AM
Hi Folks:
We have users with existing Unity Connection mailboxes. All users in our Unity Connection (9.1) have been imported from MS Active Directory (LDAP). I have been told that these users will now be given a new AD account and eventually their old AD account will be deleted.
What would be the best method to recreate these users in Unity Connection? As CUC is integrated with AD, I see the Alias is greyed out for the user account in CUC. If I check the button "Do Not Integrate with LDAP Directory" on the user page in CUC, then I am able to change the Alias, but I don't think this is a good practice. If I delete the CUC account, then I will also be deleting the mailboxes. Can I use DiRT or COBRAS to achieve this task?
Any suggestion is appreciated.
Thank you
07-27-2015 08:37 AM
Hi,
That's right, users will be deleted automatically. The best method is import the user with LDAP and it's not a good idea to change the alias, it's better that way, primary for troubleshooting.
Regards
07-27-2015 11:28 AM
Hi Leo:
So I would need to:
1. Export the mailbox of the current account (eg abc) in CUC using DiRT?
2. Delete the account (abc)
3. Import new account from LDAP (xyz)
4. Restore mailbox using DiRT.
Thank you
07-27-2015 12:34 PM
That's right but I recommend you test it first. Remember DirRT is for Windows based CUC.
07-27-2015 04:00 PM
Yes, this should work, however it will be a phased approach, i.e. take a set of Unity Connection users, take the "backup" using COBRAS and make sure you download voicemails as well.
However the Best will be to let the Selected users know that, their Voicemails will be DELETED (it will save you a LOT of head ache, as I have encountered users who have many "unheard voicemails" from the previous server once they come to know there was a Volicemail Server change :-)
So steps should be:
`
1. Use COBRAS Export the complete Set of Voicemail users along with their Voicemails using COBRAS
2. Delete those users from the AD
3. Create New AD Ac
4. Import those set of users to the UC
5. Restore their Voicemails using COBRAS Restore (COBRAS Restore will restore the voicemail prompt, greetings, and pin)
HTH
07-28-2015 09:08 AM
This is the requirement I have learned:
- Same CUC box, not migrating or upgrading
- Existing user (eg Joe1) will be have new AD account (Joe2) created. Joe1 will be eventually removed from AD. Joe2 will use the extension of Joe1.
My approach:
* Change extension mobility of Joe1 to Joe2
* Un-sync Joe1 in CUC. Change alias and smtp to Joe2
* Re-sysn Joe2
Not using DRS, DiRT or COBRAS. Will deploy and see.
Thanks Leo, Richard, Mohammed and Wilson.
07-27-2015 11:42 AM
Hi,
As mentioned by Leo, the best method is to import the users from AD. Also, worth to mention that the new users shouldn't have overlapping extensions with existing users within same partition. If this happens the import will fail.
You need first to make sure that existing users are deleted before importing the new ones.
07-27-2015 11:54 AM
Thank you Leo and Mohammed for the quick response.
My big concern is the mailbox. I have deleted test users and imported them, but they didn't have any mail in their mailboxes. Users profiles can be deleted and imported as many times, but once the mailbox contents get deleted then it is a pain to get the mails back. So I am wondering if I would have to use DiRT or COBRAS to help in this case.
Thank you
07-27-2015 12:06 PM
The sequence you mentioned is correct. I suggest to run this in a test lab. Also, here is a good link to help you.
http://www.netcraftsmen.com/notes-on-the-cobras-migration-tools-for-cisco-unity-and-unity-connection/
07-27-2015 10:33 PM
Once the user has become local you can then change the alias to match your new AD, when the sync takes place the accounts will align, so no need to worry with backups, exports/imports.
Regards, Richard
07-27-2015 03:25 PM
Hi Leo,
Users aren't automatically deleted from Unity Connection, they get converted to local users;
If you change a filter to one that excludes some of the users who were previously accessible, the Connection users who are synchronized with the now-inaccessible LDAP users will be converted to standalone Connection users over the next two scheduled synchronizations or within 24 hours, whichever is greater. The users will still be able to sign in to Connection by phone, callers can still leave messages for them, and their messages will not be deleted. However, they will not be able to sign in to Connection web applications while Connection is breaking synchronization for these users. After the synchronization has been broken, their web-application passwords will be the passwords that were assigned when their Connection accounts were created
So, you could just leave them as local users.
Hope this helps,
Richard
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide