I am looking for a way to change the CCM user's passwords without having to access the webpage directly. Does anyone have information on the hooks into the web page or should writing straight to the database be the way to go?
I have multiple passwords to reset for a large number of usrs and I would like for them to enter the new password at one spot and have it propagate to the various systems
Not sure what your infrastructure is, but one way to accomplish this is through Active Directory integration. The AD account is used for authentication, so when that password is changed, the CCM User Options page password is changed.
Hope this helps.
We thought about it but with 900+ users I have heard horror stories of users trying to integrate an existing CCM with AD. Anyone have any experience with this?
We don't have that many users, but we did start out using DC directory and move to AD. The migration itself is fairly simple. Please see the link below. There will certainly be some training issues regarding passwords. Users who are used to having a separate CCM password will now have their password match AD. In my opinion, the ease of administration in the long term is worth the migration pain in the short term.
Active Directory 2000 Plugin Installation for Cisco CallManager
Hope this helps. If so, please rate the post.
I agree with Brandon that Active Directory integration is worth it in the long run. I'm not sure what 'horror stories' you're hearing. There are some caveats you should be aware of. The main caveat is that CallManager itself doesn't have a way to reference multiple domain controllers. If you need redundancy, you need to use a load-balancer of some sort to handle redirection of requests among several domain controllers. Otherwise, one AD controller dying can have an impact on your production IP telephony services.
Brandon said something I feel like I should clarify: "The migration itself is fairly simple." The migration itself is actually a bit of a PITA for an existing CallManager deployment. You'll lose any device associations and any user flags such as 'CTI Use Enabled', etc. Multilevel Administration and CAR have to be reconfigured. This is massively compounded if you have IPCC Express, Personal Assistant or Emergency Responder, which store most or all of their configuration in the directory. Normally, these products all have to be reconfigured from scratch or reinstalled if you try to migrate after you're up and running.
Brandon was almost entirely shielded from this pain because my company was contracted to do the migration for Ball Homes (I myself actually did the work). Having performed several DCD->AD conversions and one DCD->Netscape conversion, we've got a few shortcuts. We ported the data by using a special LDAP tool to export all the data from DC Directory, fixed up the format slightly in places where the Active Directory schema differs, and adjusted profiles and profile links to attach to the Active Directory user accounts, and then did similar fixups for the other AVVID application data in the directory. The result was bulk-imported directly into AD prior to running the AD plugin. This is totally undocumented and about a million miles from Cisco-supported, so don't expect that a by-the-numbers migration is going to save your data. This doesn't really fall under 'horror story' because it's something you should expect and plan for. I wanted to follow up though, because the above post might make one think migration is as simple as 'run the AD plugin' and that's a long way from reality.
I certainly did not mean to indicate that the conversion was a piece of cake, simply doable. Jason has a wealth of knowledge and did a great job on our conversion. Thanks for the clarifications, Jason.