Password Change for Call Manager 7

Answered Question
May 23rd, 2010
User Badges:

Hello dears,


How i can change password for existing user and how i can create a new user for administration with full rights access.in call manager 7


Sorry for the above query i m very very very much new to call manager,i m asking because the voice guy in my company is on leave.


Thanks

Correct Answer by William Bell about 7 years 6 days ago

Modify existing user password:


1. If you are using DirSync (i.e. LDAP sync and have authentication via LDAP enabled):  Then you modify the user password in LDAP, not on the CUCM


2. If not using LDAP authentication:  Connect to the CCMAdmin portal on your CUCM publisher node (https://pub/ccmadmin).  Go to User Management>End User.  Find your end user.  Click on the user ID to edit and then change the password.  Keep your password credential policies in mind.


Admin level account:  You can assign the admin level permissions using the "Standard CCM Super Users" group.  You can assign this to either a End User or an Application User.  I approach this one of two ways:


1. If LDAP authentication is enabled AND the customer wants the admin users to authenticate using their LDAP credentials, THEN you find the appropriate user id in the End User section of the CUCM configuration and assign the "Standard CCM Super Users" group to that account.  However, I usually make a recommendation that customers have two accounts.  One that is privileged and one that is not.  The non-privileged account is the one associated to their IP phone.  The privileged is used for admin tasks only.  This is actually best practice with some LDAP backend vendors (i.e. Microsoft) as well.


2. If LDAP authentication is enabled AND the customer has not preference on authenticating admins against LDAP.  Then I would create an Application User account for the user.  Application Users are not synchronized with LDAP via DirSync process.  So, you can still authenticate to the cluster if the entire LDAP is unavailable.  Key point.


3. If there is NO LDAP authentication, then I would create an Application User account for the user.


Note in ALL cases you would assign a privileged group (e.g. Standard CCM Super Users) to the user account.  Whether it was an end user or an application user.   My preference, unless there is a customer requirement that must be handled, is to use an application user account.


HTH.


Regards,
Bill

Please remember to rate helpful posts.

Correct Answer by htluo about 7 years 6 days ago

1. Go to http://ip-address-of-cucm/ccmadmin

2. Log in with an existing administration account

3. Go to "User Management > Application User"

4. Add a new account and add him to "CCM Super User" group (at the bottom of the page).


Michael

http://htluo.blogspot.com

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
William Bell Sun, 05/23/2010 - 07:33
User Badges:
  • Purple, 4500 points or more

Modify existing user password:


1. If you are using DirSync (i.e. LDAP sync and have authentication via LDAP enabled):  Then you modify the user password in LDAP, not on the CUCM


2. If not using LDAP authentication:  Connect to the CCMAdmin portal on your CUCM publisher node (https://pub/ccmadmin).  Go to User Management>End User.  Find your end user.  Click on the user ID to edit and then change the password.  Keep your password credential policies in mind.


Admin level account:  You can assign the admin level permissions using the "Standard CCM Super Users" group.  You can assign this to either a End User or an Application User.  I approach this one of two ways:


1. If LDAP authentication is enabled AND the customer wants the admin users to authenticate using their LDAP credentials, THEN you find the appropriate user id in the End User section of the CUCM configuration and assign the "Standard CCM Super Users" group to that account.  However, I usually make a recommendation that customers have two accounts.  One that is privileged and one that is not.  The non-privileged account is the one associated to their IP phone.  The privileged is used for admin tasks only.  This is actually best practice with some LDAP backend vendors (i.e. Microsoft) as well.


2. If LDAP authentication is enabled AND the customer has not preference on authenticating admins against LDAP.  Then I would create an Application User account for the user.  Application Users are not synchronized with LDAP via DirSync process.  So, you can still authenticate to the cluster if the entire LDAP is unavailable.  Key point.


3. If there is NO LDAP authentication, then I would create an Application User account for the user.


Note in ALL cases you would assign a privileged group (e.g. Standard CCM Super Users) to the user account.  Whether it was an end user or an application user.   My preference, unless there is a customer requirement that must be handled, is to use an application user account.


HTH.


Regards,
Bill

Please remember to rate helpful posts.

Actions

This Discussion