Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2356
Views
8
Helpful
8
Replies

LDAP sync not working for all users

david.c.campbell70
Level 1
Level 1

‎12-12-2013 11:49 AM - edited ‎03-16-2019 08:50 PM

I have CUCM 8.6.1 and and unity Connections 8.6.1, both are synced with AD through LDAP, 99.9% fo my users show up in CUCM and unity, however I have just a few who don't show up.  I have tried restarting the Dirsync service and running a full sync of LDAP, neither has resolved the issue and ideas?                  

Any suggustions would be greatly appreciated.

Labels:
0 Helpful
8 Replies 8

Jose Pablo Villalobos Urena
Cisco Employee
Cisco Employee

‎12-12-2013 11:52 AM

ANy way you can get a Capture from the CUCM after you hit re-shync?

Chances are, the account are not been sync, its because the account used to sync has no permission over the user or the OU of the users are in.

Please Kudos/rate if this help!

Please Kudos/rate if this help!
0 Helpful

davrojas
Level 3
Level 3

‎12-12-2013 12:00 PM

Hello David,

This is a good advise from JoseVil, i would also check if there are any differences between the working and non-working (users not showing up) to confirm if there is any missing values. So if in the  LDAP attribute for User Id you are using mail or telephoneNumber make sure the user indeed has a value for that, this might seem pretty simplistic but is sometimes overlooked.

ADSI editor is the tool i believe is used on the AD (Active Directory) perspective to check differences.

Regards,

-Tocayo

0 Helpful

david.c.campbell70
Level 1
Level 1
In response to davrojas

‎12-12-2013 12:41 PM

Jose  I don't think I can get a packet capute this week our net admin is out and I don't have access to set anything up in the middle to capture.  I checked between a good and a bad user they are both in the same security groups and the permisions are the same for the service account that talks between unity and AD.  Also all of my users are in the same OU. 

David  I am not finding any differnce between attributes for my users, except some have multiple phone number, for my missing user i have found a match for everyfield with somebody else.

0 Helpful

Jose Pablo Villalobos Urena
Cisco Employee
Cisco Employee
In response to david.c.campbell70

‎12-12-2013 12:46 PM

David,

you can set and get captures from your CUCM without the need of a external device, or any network chance, just with the OS admin password.

Please refer:

https://supportforums.cisco.com/docs/DOC-11599

Please Kudos/rate if this help!

Please Kudos/rate if this help!

david.c.campbell70
Level 1
Level 1
In response to Jose Pablo Villalobos Urena

‎12-12-2013 01:10 PM

That is awesome I didn't know that, I have a capture runiing right now and the the full sync running, which seems to take forever to complete. 

0 Helpful

david.c.campbell70
Level 1
Level 1
In response to david.c.campbell70

‎12-12-2013 02:21 PM

How long should a force resync take?

0 Helpful

Joseph Martini
Cisco Employee
Cisco Employee
In response to david.c.campbell70

‎12-12-2013 02:26 PM

A quick thing to check if only some users are not syncing would be to make sure the problem users have a last name configured on the LDAP server.  Having a last name is a requirement for users to sync to CUCM.

david.c.campbell70
Level 1
Level 1

‎12-12-2013 02:45 PM

I was able to figure out that the connection to LDAP has failed.  Now to figure out why.

0 Helpful
Customers Also Viewed These Support Documents