06-11-2014 09:00 AM - edited 03-16-2019 11:04 PM
We are currently using local user accounts with CUCM 9.1.2 and are looking at integrating it into the active directory structure.
We do utilize the same structure for user ID's.
I am looking to find out what the changeover will entail and if anything else needs to be done prior to the integration.
We also have Unity syncing up with CUCM for users as well as Contact Center sync'ed up for our ACD system.
Thanks
Mike
Solved! Go to Solution.
06-11-2014 10:23 AM
Hey Mike,
The process is pretty straight forward. CUCM 9.X supports the coexistence of AD integrated users and local users so you don't have to worry about local accounts disappearing if they don't have an AD account. The biggest thing to watch out for is that if you decide to revert back for whatever reason then the accounts that were in AD will be marked for deletion (from the CUCM, not AD) and will be removed after approximately 24 hours.
I recommend the following if you'd like to move to AD.
You can go a step further and create a filter to only pull in the users within the search base you specified and apply that. For example, maybe only pull in users that have their ipPhone field populated. Let me know if you have any questions on that or any of the above.
I hope this helps!
06-11-2014 12:34 PM
Hey Mike,
I'm glad you found it useful. Yes, I work with this all of the time. My company's own UC deployment is AD integrated and we also do this for the majority of our customers.
UCCX just references CUCM for its credentials so if CUCM is now integrated with AD then it will just pass along those requests to AD. For Unity Connection, the same thing is true when it is integrated with CUCM via AXL. You can also choose to integrate Unity Connection directly with AD using the same steps as I outline above with CUCM. If you do then you'll have a choice when you import new users into the system on if you want to integrate via CUCM or using LDAP. Existing users will stay as they are. It isn't necessary to that but if I'm doing a new implementation then I'll normally integrate both CUCM and Unity Connection directly with AD.
I hope this helps!
06-11-2014 10:09 AM
Hi Mike,
LDAP enhancement was introduced in CUCM 9 where the users fetched/synhcronised from AD could be converted to Local users and fields could be edited but the reverse is not possible[ what I think].
you need to create same existing end users in AD and then, synchronise with CUCM.
regds,
aman
06-11-2014 10:23 AM
Hey Mike,
The process is pretty straight forward. CUCM 9.X supports the coexistence of AD integrated users and local users so you don't have to worry about local accounts disappearing if they don't have an AD account. The biggest thing to watch out for is that if you decide to revert back for whatever reason then the accounts that were in AD will be marked for deletion (from the CUCM, not AD) and will be removed after approximately 24 hours.
I recommend the following if you'd like to move to AD.
You can go a step further and create a filter to only pull in the users within the search base you specified and apply that. For example, maybe only pull in users that have their ipPhone field populated. Let me know if you have any questions on that or any of the above.
I hope this helps!
06-11-2014 12:20 PM
Thank you for the response Jason. That is some great info. Do you have any experience in how the integration will affect Unity and our contact center agents that are sync'ed up with CUCM?
Thanks
06-11-2014 12:34 PM
Hey Mike,
I'm glad you found it useful. Yes, I work with this all of the time. My company's own UC deployment is AD integrated and we also do this for the majority of our customers.
UCCX just references CUCM for its credentials so if CUCM is now integrated with AD then it will just pass along those requests to AD. For Unity Connection, the same thing is true when it is integrated with CUCM via AXL. You can also choose to integrate Unity Connection directly with AD using the same steps as I outline above with CUCM. If you do then you'll have a choice when you import new users into the system on if you want to integrate via CUCM or using LDAP. Existing users will stay as they are. It isn't necessary to that but if I'm doing a new implementation then I'll normally integrate both CUCM and Unity Connection directly with AD.
I hope this helps!
07-08-2014 09:15 AM
Jason,
I have another question about the cisco user agents in UCCX. When they are converted over, do they keep their assigned skills/groups? Or will that all need to be reassigned.
Thanks
07-08-2014 09:50 AM
Hey Mike,
As long as you confirm the Local Users in CUCM match the username of the user it is to be paired with in AD then that CUCM Local User will be converted to an AD integrated user and will keep all of it's CUCM permissions, device associations, skills in UCCX, etc.
For example, if you had a local CUCM user with a username of miketraylor and an AD username of miketraylor then you'll be good. The local user will migrate to an AD Integrated user and keep all of its settings. But if you had a local CUCM user with a username of miketraylor and an AD username of mtraylor then after you do the integration you will have 2 users... the original miketraylor local CUCM user with all of the permissions and settings as before and a new AD integrated user of mtraylor with no permissions and settings. In the 2nd scenario where the usernames don't match, you'll need to manually migrate the settings and eventually delete the old user which can be a pain. It is best to confirm the local users match before you do the integration but assuming they do then you'll be good to go.
The only thing I'll caution you of is that if you have a local CUCM user of miketraylor and an AD user of MikeTraylor (notice the uppercase M and T) then it will sync up fine but the log in to the agent desktop is case sensitive so your users may need to modify their log in the first time they try after the integration.
I hope this helps!
A quick edit for something I forgot to mention when I first replied... when I say that a local user will be converted to an AD user and keep "all of its settings", I'm referring to settings such as the CUCM User Groups, Device associations, UCCX skills, Primary Extension and things like that. Other items such as Department and Telephone Number and a few others will be overwritten by the values stored in AD.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide