09-10-2010 07:10 AM - edited 03-19-2019 01:33 AM
I understand that if you delete a user in Active Directory, then the user in Unity Connection will change from being LDAP integrated to not LDAP integrated. I'd like to see a list of users that are not LDAP integrated so I can periodically ensure that our admins are deleting users from Unity Connection when they are being removed from AD. Any way of seeing the list of users that are not synched with LDAP?
Solved! Go to Solution.
09-10-2010 11:05 AM
You can't see this within the web interface, but what you can do is use the Bulk Administration Tool to export a CSV file of the 'Users with Mailbox'.
The LdapCcmUserId column will be blank against any user who is not synced with your LDAP directory.
09-10-2010 11:05 AM
You can't see this within the web interface, but what you can do is use the Bulk Administration Tool to export a CSV file of the 'Users with Mailbox'.
The LdapCcmUserId column will be blank against any user who is not synced with your LDAP directory.
09-10-2010 11:10 AM
Thanks Ben! I guess that way is as good as any. It is a shame there is no search option on the web page though
.
Jill
09-10-2010 11:17 AM
Yes, it would be good if there was a bit of consistency with the LDAP options across all the Unified Communication applications. CCM has the active/inctive column for Sync status, but UC has nothing.
09-10-2010 11:33 AM
There has been discussion about possibly adding a new feature to meet your requirement in a future release.
09-13-2010 09:09 AM
You might like this better. ssh to one of the servers and run this.
run cuc dbquery unitydirdb select alias from vw_subscriber where ldaptype = 0
That will list all users who are not ldap enabled. You'll see a couple system accounts that you don't want to worry about. Once a user is deleted in ldap they will stay as 1 until the next sync, UC will notice them being gone and move them to 4. I believe after another day or two they will automatically move from 4 to 0 so it's not going to be immediate. If you are just checking up once in awhile though the ones that would be interesting to you would be 0 and 4.
0 being where they are not ldap users at all, and 4 being that they are but we aren't seeing that account anymore in the ldap sync.
Column: ldaptype
Column: ldaptype
Datatype: int
Length: 4
Description: the ldap configuration information for the user.
Notes:
Default value=0
Restrictions: ldap configuration information for a user.
Enumeration:
0, none, user does not have ldap enabled.
1, sync, ldap synchronization enabled.
2, authenticate, ldap authentication enabled.
4, inactive, ldap is enabled but temporariliy inactive for the user.
09-13-2010 12:30 PM
Thanks for supplying an additional option. Is there a way to send the results of this query to a file?
09-14-2010 12:29 AM
Hi
Easiest way is to use an app like Putty to connect via SSH to the server, and set the session in the putty config to log 'printable output' to a file. You can then open that in Excel as a text file and get it to treat it as tab delimited, and skip the junk lines at the start.
Regards
Aaron
Please rate helpful posts...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide