Synchronizing CUCM 9.1.2 with Active Directory Best Practice

ahalim5466
Level 1

I have lots of end user objects in CUCM that do not have a valid User ID / sAMAccountName to do the synchronization without resulting in a huge number of "Inactive" accounts. I'm new to VoIP Administration and new to my work place as well. What is the Best Practice to ensure a successful synchronization? Also, if I was to modify the User ID in CUCM under User management > End User - what do I need to watch for?

Thanks for your help,

Ahmed

4 Replies

Jonathan Schulenberg
Hall of Fame

Customers end up doing one of two things to prevent inactive or service accounts from being synced into CUCM. Remember that every user object synced in will be included in the Corporate Directory search results.

  1. Create an LDAP Search Filter and apply it to your LDAP Directory Synchronization Agreement(s).
  2. Change the LDAP Search Base to a value that includes only the user objects you want. For example OU=People,DC=cisco,DC=com where OU=People and any subordinate OUs within it only contain active users.

> Also, If I was to modify the User ID in CUCM under User management > End User - what do I need to watch for ?

I'm a little unclear what you're asking here. If the user object is synced to LDAP then the username is read only within CUCM. If you modify the username within AD the change will be replicated to CUCM in the next sync because CUCM uses the ObjectGUID with AD to provide uniqueness.

Jonathan,

Thanks so much for the quick response. We actually have not configured LDAP Sync yet and I appreciate your advice. I'm sorry I was not clear in describing what I meant by modifying the User ID. We have a lot of phones that were created (both the User ID & the Device) for places such as Book Store, Maintenance Shop, English Department, etc., which of course have no entries in AD to match with.

Thanks again,

Ahmed

In CUCM 9.0+ you can leave those as local user objects, not synced with AD. In 8.0 and earlier LDAP was all or nothing but it will allow a mixture in 9.0. The reason most customers created these End User objects was to get an entry in the corporate directory. If you don't care about this, a user object is not required for what are often referred to as Public Space devices; they can exist entirely by themselves.

Jonathan,

Thanks, that makes a lot of sense. I will proceed to remove the user ID Public Space devices. This way when the synch takes place they will be treated as local user objects. I believe you provided the answer I was looking for.

Thanks,

Ahmed
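
A pre-sync audit of the search-base approach and the local-user case discussed in the replies above. This is an added example, not part of any post in the thread and not Cisco code. It assumes an AD export with `dn`, `sAMAccountName` and `userAccountControl` fields, a filter that drops disabled accounts, and simple DNs without escaped commas; all records are constructed sample data.

```python
# Added example: pre-sync audit. All records are constructed sample data.
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

def _norm(dn):
    # Simplified DN handling: assumes no escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_search_base(dn, base):
    """True if dn is the base itself or lives in any subordinate OU."""
    dn_n, base_n = _norm(dn), _norm(base)
    return dn_n == base_n or dn_n.endswith("," + base_n)

def would_sync(entry, base):
    """Assumed scope: inside the search base, enabled, has a sAMAccountName."""
    if not in_search_base(entry["dn"], base):
        return False
    if int(entry.get("userAccountControl", 0)) & ACCOUNTDISABLE:
        return False
    return bool(entry.get("sAMAccountName", "").strip())

def audit(ad_entries, cucm_user_ids, base):
    """Compare existing CUCM User IDs with the AD accounts that are in scope."""
    in_scope = {e["sAMAccountName"].lower()
                for e in ad_entries if would_sync(e, base)}
    local = {u.lower() for u in cucm_user_ids}
    return {
        "matched": sorted(local & in_scope),      # User ID has an AD counterpart
        "local_only": sorted(local - in_scope),   # would stay local user objects
        "new_from_ad": sorted(in_scope - local),  # would appear after the sync
    }

SEARCH_BASE = "OU=People,DC=cisco,DC=com"  # search base quoted in the thread
AD_EXPORT = [  # constructed sample export
    {"dn": "CN=Jane Doe,OU=Staff,OU=People,DC=cisco,DC=com",
     "sAMAccountName": "jdoe", "userAccountControl": 512},
    {"dn": "CN=Old User,OU=People,DC=cisco,DC=com",
     "sAMAccountName": "ouser", "userAccountControl": 514},  # disabled
    {"dn": "CN=svc-backup,OU=Service,DC=cisco,DC=com",
     "sAMAccountName": "svc-backup", "userAccountControl": 512},  # out of base
    {"dn": "CN=New Hire,OU=People,DC=cisco,DC=com",
     "sAMAccountName": "nhire", "userAccountControl": 512},
]
CUCM_USER_IDS = ["jdoe", "ouser", "bookstore", "maintshop"]  # constructed

if __name__ == "__main__":
    for bucket, ids in audit(AD_EXPORT, CUCM_USER_IDS, SEARCH_BASE).items():
        print(f"{bucket}: {ids}")
```

Reviewing the `local_only` bucket before the first sync shows which existing User IDs, such as the place-named ones, have no in-scope AD account to match.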