LDAP Sync to wrong AD Server "Inactive LDAP Synchronized User" is not removed

dan hale · ‎06-22-2016

Hello All, I sync'd up to the wrong Active Directory Server. I removed the old AD server in CUCM 11 and pointed it to the correct AD server and sync'd up. Now I have a dozen or so "Inactive LDAP Synchronized Users" and It's been about two days. I would have thought the Garbage Collection process would have removed the dozen or so inactive users.

What are my other options? Should I remove all instance of LDAP enabled end users and give the garbage collection process its process or should I re-add the old server let it sync up then convert the users I know that don't exists on then new AD server to local accounts and delete?

Thanks,

Dan

Shashank Mahajan · ‎06-22-2016

You can convert those inactive LDAP synchronized users to local CUCM end users by running the following command from CLI:

run sql update enduser set fkdirectorypluginconfig=NULL where userid IN ('userid1', 'userid2', ‘userid3’, 'userid4', 'userid5')

Once they are converted to local CUCM end users then you can delete them right away.

dan hale · ‎06-22-2016

Tried the above but when I run the command I get the following error:

Column (actual user ID) not found in any table in the query (or SLV is undefined)

I ran the below command on both active and non active users:

run sql update enduser set fkdirectorypluginconfig=NULL where userid=’<userid>‘ —– Replace <userid> with the actual User ID on CUCM

Does this require "root" access?

Shashank Mahajan · ‎06-22-2016

This command can be run from the CLI and does not require root access. I was able to run this command on my lab CUCM 11.0 successfully (Screenshot attached for your reference).

dan hale · ‎07-19-2016

I'm not sure why I couldn't run the command.

I ended up adding back in the previous LDAP server then converting the users to local and deleting. I only had about 30 users so it did not take that long.

Thanks,

Dan