Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
7702
Views
20
Helpful
9
Replies

Active Directory Integration with CUCM 10.5

Go to solution
Anas Abueideh
Level 9
Level 9

ā€Ž02-24-2015 08:00 AM - last edited on ā€Ž03-25-2019 08:33 PM by Community Manager

Dear Experts,

I have recently upgrade call manager to version 10.5(2). all end users are defined as local Users.

the customer is looking to sync with active directory to centralize the source of user and unify the passwords needed for different applications, like Jabber, voicemail, uccx agents ...etc.

We have currently extension mobility configured, all end users associated with the device profiles.

what will happen to the current endusers , when I activate the LDAP integration ? all users will be deleted, or it will be updated ?

there is a huge configuration for enduser association with extension mobility.

Kindly note that the local user id configured in CCM is the same as it is configured in active directory.

Thanks for your help in advance

Regards

Anas

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

ā€Ž02-24-2015 08:09 AM

The same thing that has happened in CUCM ever since we got the LDAP integration, if they match the userID, they will simply be updated, if not, they will remain as local users (that last part only on 9.x+)

HTH

java

if this helps, please rate

View solution in original post

Go to solution
CHRIS CHARLEBOIS
Level 4
Level 4
In response to Jaime Valencia

ā€Ž02-24-2015 08:25 AM

Which means, in this case, that all device associations and EM profiles will be maintained, if the usernames match.  Passwords on CUCM accounts will be removed, in favor of AD authentication (assuming you are using AD authentication) and other fields that exist in AD will overwrite the field in CUCM (such as telephone number, department, and manager).  The telephone number field will only be used in directory lookup applications and does not necessarily have to match the DN of the primary line.

View solution in original post

Go to solution
CHRIS CHARLEBOIS
Level 4
Level 4
In response to Anas Abueideh

ā€Ž02-24-2015 11:26 AM

You have the option, when setting up the LDAP Directroy Synchronization, of selecting which AD Attribute will be used as the CM UserID.  In most cases, this will be the sAMAccountName or userPrincipalName.  Now, as for what happens if there is no match, I am fairly certain that since CUCM 9.X, any unmatched CM accounts will remain as Local User Accounts.  It is possible that this section of the SRND is a hold over from pre-9.X.

View solution in original post

9 Replies 9

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

ā€Ž02-24-2015 08:09 AM

The same thing that has happened in CUCM ever since we got the LDAP integration, if they match the userID, they will simply be updated, if not, they will remain as local users (that last part only on 9.x+)

HTH

java

if this helps, please rate

Go to solution
CHRIS CHARLEBOIS
Level 4
Level 4
In response to Jaime Valencia

ā€Ž02-24-2015 08:25 AM

Which means, in this case, that all device associations and EM profiles will be maintained, if the usernames match.  Passwords on CUCM accounts will be removed, in favor of AD authentication (assuming you are using AD authentication) and other fields that exist in AD will overwrite the field in CUCM (such as telephone number, department, and manager).  The telephone number field will only be used in directory lookup applications and does not necessarily have to match the DN of the primary line.

Go to solution
Anas Abueideh
Level 9
Level 9
In response to CHRIS CHARLEBOIS

ā€Ž02-24-2015 11:05 AM

Hi all,

thanks for the fast response.

I read the below from Collaboration 10 SRND

"An existing account in the Unified CM database before synchronization is maintained only if an
account imported from the LDAP directory has a matching attribute. The attribute that is matched to the Unified CM UserID is determined by the synchronization agreement."

that means if there is no match between the local enduser and LDAP user, it will be deleted.

kindly advise

Regards

Anas

0 Helpful

Go to solution
CHRIS CHARLEBOIS
Level 4
Level 4
In response to Anas Abueideh

ā€Ž02-24-2015 11:26 AM

You have the option, when setting up the LDAP Directroy Synchronization, of selecting which AD Attribute will be used as the CM UserID.  In most cases, this will be the sAMAccountName or userPrincipalName.  Now, as for what happens if there is no match, I am fairly certain that since CUCM 9.X, any unmatched CM accounts will remain as Local User Accounts.  It is possible that this section of the SRND is a hold over from pre-9.X.

Go to solution
keanej
Level 3
Level 3
In response to CHRIS CHARLEBOIS

ā€Ž07-28-2017 02:32 AM

Can someone confirm this ?

If there is no match - is the user deleted or maintained as a local end user?

Its critical information !

0 Helpful

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee
In response to keanej

ā€Ž07-28-2017 06:36 AM

Any users that do not match on CUCM 9.x+ simply remain as local end users, users who match an LDAP user, turn into LDAP active users.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
aheredia05
Level 1
Level 1
In response to CHRIS CHARLEBOIS

ā€Ž11-04-2015 12:43 PM

Hello Chris,

I am going to integrate CUCM 10.5 with AD 2008, 

Will we still able to create users and DNs on CUCM?, or we have to create new users on AD first?

Thanks a lot or your help.

Regards.

0 Helpful

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee
In response to aheredia05

ā€Ž11-04-2015 04:24 PM

On 9.x+ you can have both, local users, and LDAP synced users.

Your choice.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
Amit23
Level 4
Level 4

ā€Ž08-07-2015 11:28 PM

thanks for this discussion.

 

i have also cucm 10.5.x and also applied auto sync after 6 hours but every time i have to sync manually for find users update on CUCM.

 

what could be issue and how can solve it?

Warm Regard's
Amit Sahrma
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents