Changing the CUCM LDAP System (and thus also changing the LDAP Directory and Authentication)
From : "Microsoft Active Directory"
To : "Microsoft Active Directory Application Mode" (ADAM)
AND : After running the first CUCM sync with the new ADAM server.
What impact will this have on the existing user accounts in CUCM (in terms of their Associated Devices and their Permissions Groups and Roles)?
Will they be overwritten and thus the above fields be blank? Leaving us having to manually add all that back in to our existing user base.
Or, (which we feel is most likely), will there be duplicate accounts created in CUCM?
The reason we feel there will be duplicates is due to the nature of multi-forest deployments and the issue of having the same usernames in two or more forests. All authentication requests must be performed using their User Principal Name (UPN), such as firstname.lastname@example.org, rather than the standard way of just using your userid : jdoe
I haven't done this myself, so keep that in mind. As you say, be gentle.
Putting ADAM aside for the moment, in an LDAP sync configuration when you establish a sync agreement the CUCM does the following:
1. All user objects in the CUCM db are marked inactive
2. CUCM begins syncing with LDAP
3. For each user object learned from LDAP: The LDAP attribute chosen to map to the user ID in CUCM is compared to existing CUCM user objects.
- If a match is found, the account is activated
- attributes for first name, last name, telephoneNumber, etc. are then overwritten with the LDAP values (based on attribute mappings)
4. After the sync completes, any CUCM user object that did not have an LDAP object with the same user ID is still marked inactive. These objects will be purged during the next clean up interval.
To give an example, I had a project where the customer was doing an upgrade from 4.1 to 7.1(3). As part of the upgrade, user objects were moved over to CUCM 7.1(3). Then we enabled LDAP sync. User objects were not deleted, nor were there duplicates. Configurations such as device associations were unaffected. The only thing we needed to do was check the CUCM user DB against LDAP user objects (running scripts against both) to find any mismatches between sAMAccountName and the CUCM user ID.
Assuming the sync process and behavior for activating/deactivating accounts is the same with an ADAM integration, then I wouldn't expect you to have an issue.
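Added example, not part of the original thread: a pre-flight comparison of the kind the answer mentions (scripts run against both the CUCM user list and LDAP), following the sync steps as the answer describes them. The user lists, the `predict_sync` name and the exact-string matching are assumptions made for illustration; in practice the two lists would come from exports of CUCM and of the directory.

```python
# Constructed sample data, not taken from a real system.
CUCM_USER_IDS = ["jdoe", "asmith", "legacyadmin"]
LDAP_USERS = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@forest-a.example"},
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@forest-a.example"},
    # Same short name in a second forest: the multi-forest case from the question.
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@forest-b.example"},
]


def predict_sync(cucm_ids, ldap_users, id_attr):
    """Predict the outcome of a sync when `id_attr` is mapped to the CUCM user ID.

    Mirrors the described steps: every CUCM user starts inactive, an LDAP
    object with the same user ID reactivates it, and anything left inactive
    is purged at the next clean up interval. Matching is exact (assumption).
    """
    seen, collisions = set(), set()
    for user in ldap_users:
        value = user.get(id_attr)
        if not value:
            continue  # object lacks the mapped attribute, nothing to compare
        if value in seen:
            collisions.add(value)  # two LDAP objects claim the same user ID
        seen.add(value)
    existing = set(cucm_ids)
    return {
        # Existing accounts that keep their device associations and roles.
        "reactivated": sorted(existing & seen),
        # Existing accounts with no LDAP counterpart: stay inactive, then purged.
        "left_inactive": sorted(existing - seen),
        # LDAP IDs with no existing CUCM user: arrive as separate accounts.
        "no_existing_match": sorted(seen - existing),
        "ldap_collisions": sorted(collisions),
    }


if __name__ == "__main__":
    for attr in ("sAMAccountName", "userPrincipalName"):
        print(attr, predict_sync(CUCM_USER_IDS, LDAP_USERS, attr))
```

With the short name mapped, existing accounts match but `jdoe` collides across forests; with the UPN mapped, nothing matches the existing short-name user IDs, which is the duplicate-account outcome the question asks about.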