Solved: Re: Viewing LDAP users in UC 8.x

jhitt-limited · ‎09-10-2010

I understand that if you delete a user in Active Directory, then the user in Unity Connection will change from being LDAP integrated to not LDAP integrated. I'd like to see a list of users that are not LDAP integrated so I can periodically ensure that our admins are deleting users from Unity Connection when they are being removed from AD. Any way of seeing the list of users that are not synched with LDAP?

benjaminwatt · ‎09-10-2010

You can't see this within the web interface, but what you can do is use the Bulk Administration Tool to export a CSV file of the 'Users with Mailbox'.

The LdapCcmUserId column will be blank against any user who is not synced with your LDAP directory.

View solution in original post

benjaminwatt · ‎09-10-2010

You can't see this within the web interface, but what you can do is use the Bulk Administration Tool to export a CSV file of the 'Users with Mailbox'.

The LdapCcmUserId column will be blank against any user who is not synced with your LDAP directory.

jhitt-limited · ‎09-10-2010

Thanks Ben! I guess that way is as good as any. It is a shame there is no search option on the web page though

.

Jill

benjaminwatt · ‎09-10-2010

Yes, it would be good if there was a bit of consistency with the LDAP options across all the Unified Communication applications. CCM has the active/inctive column for Sync status, but UC has nothing.

sopayne · ‎09-10-2010

There has been discussion about possibly adding a new feature to meet your requirement in a future release.

anmcbrid · ‎09-13-2010

You might like this better. ssh to one of the servers and run this.

run cuc dbquery unitydirdb select alias from vw_subscriber where ldaptype = 0

That will list all users who are not ldap enabled. You'll see a couple system accounts that you don't want to worry about. Once a user is deleted in ldap they will stay as 1 until the next sync, UC will notice them being gone and move them to 4. I believe after another day or two they will automatically move from 4 to 0 so it's not going to be immediate. If you are just checking up once in awhile though the ones that would be interesting to you would be 0 and 4.

0 being where they are not ldap users at all, and 4 being that they are but we aren't seeing that account anymore in the ldap sync.

Column: ldaptype

Column: ldaptype
Datatype: int
Length: 4
Description: the ldap configuration information for the user.

Notes:
Default value=0

Restrictions: ldap configuration information for a user.

Enumeration:
0, none, user does not have ldap enabled.
1, sync, ldap synchronization enabled.
2, authenticate, ldap authentication enabled.
4, inactive, ldap is enabled but temporariliy inactive for the user.

jhitt-limited · ‎09-13-2010

Thanks for supplying an additional option. Is there a way to send the results of this query to a file?

Aaron Harrison · ‎09-14-2010

Hi

Easiest way is to use an app like Putty to connect via SSH to the server, and set the session in the putty config to log 'printable output' to a file. You can then open that in Excel as a text file and get it to treat it as tab delimited, and skip the junk lines at the start.

Regards

Aaron

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!