App Admin access lost due to integration with AD

Unanswered Question
Mar 16th, 2010
User Badges:

Hi all,


When configuring End Users to be App Administrators and CUCM is  configured to synch with an Active Directory,the app admin account got deleted and  app admin access is be lost.  If this were the case, what  would be the work around to getting back into App Admin if the AD  connection is broken (besides waiting for the connection to be  restored.)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Anthony Holloway Tue, 03/16/2010 - 07:35
User Badges:
  • Purple, 4500 points or more

You can run the initial setup wizard to choose new administrator users.  Unfortunately, integrating with AD has it's pro's and con's....this is a con.


To get to the initial setup follow these instructions:


On the server:

     Go to Start > Run, type CET then click OK

     Click No

     In the left hand window pane, click the AppAdminConfig

     In the right hand window pane, double click the record that appears

     In the pop up window, select the second tab

     In the bottom drop down list, select "FRESH_INSTALL" then click OK

     Exit out of CET

     Launch AppAdmin and Login with Administrator/ciscocisco

     Click next through all of the settings, including the license page

     Get yourself to the end where you choose administrators, and pick a new one

mesumbeslin Tue, 03/16/2010 - 10:44
User Badges:

Thanks alot Anthony but this brings another worry...What happens to the already configured subsystems?

Do I have to reconfigure them?

Anthony Holloway Tue, 03/16/2010 - 15:15
User Badges:
  • Purple, 4500 points or more

No, you simply click next through the whole thing.  It doesn't even disrupt call processing.


Also, one other con with AD integrations.


CUCM can have multiple AD servers listed for Authentication redundancy.  CUCM will try a connection to a server up to 3 times before moving to the next server.  This takes a little over 10 seconds per server.


CAD has a login timeout, which set to 10 seconds.  So while the CUCM is busily trying to find an AD server to service the auth request, CAD has already timed out not allowing the login to happen.


You will want to read this defect for a proposed work around:  CSCsv31620

Gabriel Saavedra Tue, 03/16/2010 - 15:54
User Badges:
  • Silver, 250 points or more

The problem here is with the UCCX agents, because when you sync the CUCM with the AD and the user ID of the agents in the AD are different from the one that you use before in the CUCM, this will delete the agents, so you will going to do the whole thing again (add the agents to CSQ, etc), and as Anthony told before the CET tip doesn't affect any configuration, after that you can give an AD account the permission of being App Administrator.

Actions

This Discussion