Extension Mobility using UPN attribute

Unanswered Question
Sep 29th, 2010
User Badges:

Hi all,

I am facing the possibility of having to move to using UPN instead of samAccountName as my AD integration attribute as another division running on a separate AD forest want to utilise our CUCM 7.1(3) cluster.

We primarily use extension mobility. I assume once you go down the UPN path you have to logon to extension mobility on the phone using the whole [email protected] via DTMF? (ugly!!!)

It gets even trickier with Unity.

We have provided them "Linked Mailboxes" on our exchange environment. Following Microsoft's recommendation this is done by giving them a disabled AD account with mailbox in our Company1.com AD forest that is then linked through exchange to their active AD account (master account is the exchange term) in their Company2.com AD. There is a trust between the domains but passwords are not synched between the disabled and active AD accounts.

This all works nicely from an exchange / outlook perspective but doesn't look too simple to get them working as CUCM users with unified messaging. Unity can only see the disabled AD account in our AD.

All this was done without speaking to the voice team of course to see what the implications were for telephony both for existing users and the new. :-)

I have a UCCX 7.0(1) SR5 contact centre just to add to the mix :-)

Anyone been down this path before??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
richb1971 Thu, 12/11/2014 - 01:27
User Badges:

Hi Glenn,


Did you ever get a fix for avoiding the ugly DTMF login?



Aaron Harrison Thu, 12/11/2014 - 01:49
User Badges:
  • Super Bronze, 10000 points or more
  • Community Spotlight Award,

    Member's Choice, May 2015

I've thought about this a few times... to me it seems that the options on CUCM just aren't comprehensive enough, and what's needed is an overhaul to the EM service rather than changes on CUCM.

i.e. for 90% of organisations, use sAMAccountName for user ID

for the other 10%, use UPN

But for EM... have more intelligence in the EM service to allow login with extension and PIN, with some intelligence for resolving conflicts if they exist, which then looks up the correct associated account based on the extension number and authenticates with that account name (UPN/sAMAccountName) and PIN against the CUCM DB.



This Discussion