Active Directory Integration with CUCM 10.5

Dear Experts,

I have recently upgraded Call Manager to version 10.5(2). All end users are defined as local users.

The customer is looking to sync with Active Directory to centralize the source of users and unify the passwords needed for different applications, like Jabber, voicemail, UCCX agents, etc.

We currently have extension mobility configured, with all end users associated with the device profiles.

What will happen to the current end users when I activate the LDAP integration? Will all users be deleted, or will they be updated?

There is a huge configuration for end user association with extension mobility.

Kindly note that the local user ID configured in CCM is the same as it is configured in Active Directory.

Thanks for your help in advance.

Regards

Anas

9 REPLIES
Cisco Employee

The same thing that has happened in CUCM ever since we got the LDAP integration: if they match the userID, they will simply be updated; if not, they will remain as local users (that last part only on 9.x+).

HTH

java

if this helps, please rate

www.cisco.com/go/pdi

Which means, in this case, that all device associations and EM profiles will be maintained, if the usernames match.  Passwords on CUCM accounts will be removed, in favor of AD authentication (assuming you are using AD authentication) and other fields that exist in AD will overwrite the field in CUCM (such as telephone number, department, and manager).  The telephone number field will only be used in directory lookup applications and does not necessarily have to match the DN of the primary line.

Hi all,

Thanks for the fast response.

I read the below in the Collaboration 10 SRND:

"An existing account in the Unified CM database before synchronization is maintained only if an account imported from the LDAP directory has a matching attribute. The attribute that is matched to the Unified CM UserID is determined by the synchronization agreement."

That means if there is no match between the local end user and the LDAP user, it will be deleted.

Kindly advise.

Regards

Anas

You have the option, when setting up the LDAP Directory Synchronization, of selecting which AD attribute will be used as the CM UserID. In most cases, this will be the sAMAccountName or userPrincipalName. Now, as for what happens if there is no match, I am fairly certain that since CUCM 9.X, any unmatched CM accounts will remain as Local User Accounts. It is possible that this section of the SRND is a holdover from pre-9.X.

Community Member

Can someone confirm this?

If there is no match, is the user deleted or maintained as a local end user?

It's critical information!

Cisco Employee

Any users that do not match on CUCM 9.x+ simply remain as local end users; users who match an LDAP user turn into LDAP active users.

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
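The matching rule described in the replies above can be checked before the first sync. The following is an added example, not part of the original thread and not Cisco code: it compares an export of local CUCM user IDs against the AD attribute chosen in the synchronization agreement and sorts accounts by the outcome the replies describe for 9.x+. The CSV layouts, sample users and the `plan_sync` name are constructed for illustration, and case-insensitive comparison is an assumption exposed as a parameter.

```python
import csv
import io

# Constructed sample exports (not from the thread); column names are assumptions.
CUCM_LOCAL_USERS = """userid
asmith
bjones
lobbyphone
svc-uccx
"""

AD_USERS = """sAMAccountName,userPrincipalName
asmith,asmith@example.test
BJones,bjones@example.test
cdoe,cdoe@example.test
"""


def load_column(text, column):
    """Return the non-empty values of one CSV column."""
    rows = csv.DictReader(io.StringIO(text))
    return [r[column].strip() for r in rows if r[column].strip()]


def plan_sync(cucm_csv, ad_csv, ad_attribute="sAMAccountName", ignore_case=True):
    """Classify accounts by the 9.x+ behaviour described in the thread."""
    # Assumption: whether the comparison is case-sensitive is configurable here,
    # not taken from the thread.
    norm = (lambda s: s.lower()) if ignore_case else (lambda s: s)
    ad_values = load_column(ad_csv, ad_attribute)
    ad_ids = {norm(v) for v in ad_values}
    local_ids = load_column(cucm_csv, "userid")
    local_norm = {norm(v) for v in local_ids}
    return {
        # UserID matches the chosen AD attribute: updated in place.
        "converted_to_ldap": sorted(u for u in local_ids if norm(u) in ad_ids),
        # No match: stays a local end user with a CUCM-managed password.
        "remains_local": sorted(u for u in local_ids if norm(u) not in ad_ids),
        # Present only in AD: has no existing CUCM account to update.
        "only_in_ad": sorted(v for v in ad_values if norm(v) not in local_norm),
    }


if __name__ == "__main__":
    for bucket, users in plan_sync(CUCM_LOCAL_USERS, AD_USERS).items():
        print(f"{bucket}: {', '.join(users) or '-'}")
```

Accounts listed under `remains_local` keep credentials managed in CUCM, so they need separate review when the goal is a single AD-governed password.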
Community Member

Hello Chris,

I am going to integrate CUCM 10.5 with AD 2008.

Will we still be able to create users and DNs on CUCM, or do we have to create new users in AD first?

Thanks a lot for your help.

Regards.

Cisco Employee

On 9.x+ you can have both local users and LDAP-synced users.

Your choice.

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
Community Member

Thanks for this discussion.

I also have CUCM 10.5.x and have also applied auto sync after 6 hours, but every time I have to sync manually to find user updates on CUCM.

What could be the issue and how can I solve it?

Warm regards,
Amit