Issue configuration LDS to import user from AD to CUCM

RiccardoG · ‎04-28-2018

Dear All,

I have a multi forest enviroment

Basically a lot of Domain each one with the personal AD + DNS

I'm following this guide to configure the LDS
https://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-80/111979-ucm-multi-forest-00.html#anc6
but i'm stuck to this point " Extend the AD LDS Schema with the User-Proxy Objects " getting this error

C:\Windows\ADAM>ldifde -i -s localhost:389 -c CN=Configuration,DC=X #Configurati
onNamingContext -f MS-UserProxy-Cisco.ldf -j c:\windows\adam\logs
Connecting to "localhost:389"
Logging in as current user using SSPI
Importing directory from file "MS-UserProxy-Cisco.ldf"
Loading entries.
Add error on entry starting on line 10: No Such Attribute
The server side error is: 0x57 The parameter is incorrect.
The extended server error is:
00000057: LdapErr: DSID-0C090D87, comment: Error in attribute conversion operati
on, data 0, v2580
0 entries modified successfully.
An error has occurred in the program

I edited the MS-UserProxy with all the parameter described in the procedure above. Attached the MS-UserProxy-Cisco.ldf edited (i change the extension in TXT otherwise I cant upload it)

Can someone help me I can't find the issue

Regards,

Riccardo

menhouse01 · ‎05-31-2018

- Have you found a solution for this error? I have the same thing happening

RiccardoG · ‎05-31-2018

Yes I found the solution, now I got a new problem about import user from another domain inside my LDS. I trusted the 2 domains but the LDS don’t want import the other user :(

menhouse01 · ‎05-31-2018

Ricardo - What was the solution you found? Would you mind sharing it?

Thanks Mark

RiccardoG · ‎06-02-2018

I confirm that now all is working

I suggest to follow the Cisco Guide that I linked above + this

About the new guide that I linked here my Recommendations:

If you are in lab enviroment installed via VMware template

be sure that LDS Server and other server don't have the same SID, in case of same SID nothing will work (so sysprep them)
be sure that the trust between the domain is working, make a full trust ( link) it's not necessary use a password for the trust
be sure the DNS is working
About point 2 on the guide of Myitblog,LDF importing, add also MS-ADLDS-Display....
About point 3 on the guide of Myitblog, it not mandatory to create a schema for each domain if them are trusted
About point 5 on the guide of Myitblog, the current text file has a "space character" in line 9, 44 or 49 so before to save it, remove the "space". Cursor must blink on the red line not on the blue line (see photo)LDF-CUCM
About point 6 on the guide of Myitblog, add all the attribute that are inside of your MS-UserProxy-CUCM + MS-AdamSyncConf-DOMAIN-NAME.XML. Remember each time you edit the attribute of userProxy you have to reboot the LDS server
Before import user --->Configure Bind redirection if u dont use SSL disable first! (also here is mandatory to reboot the LDS)
Start the Sync, the first could fail go on sync or install logs, i don't remember which one, and find the row about "adding attribute" at 100% there are some new attribute that you didn't add (point 7 of my reccomendation), so go again on MMC LDS Active direcoty schema and add the missing attribute on the userProxy. Reboot the server and Sync again.
1. TIPS--> read always the logs and if for some strange reason from the log you see the user, but on MMC LDS you didn't see the cause is an attribut missing on userProxy MMC LDS Active direcoty schema, so repeat the point 9 of my recommendations
From CUCM side be sure to use a filter, because by default cucm will search on the LDS an object User, but object user doesn't exist anymore because it was replaced by userProxy

At the end I think you will able to compleate the SYNC.
If you need more help write here and I will try to help you