I currently have domain1.com integrated with CUCM using LDAP and am authenticating against it for ccmuser and UCCX.
Another tree in the AD forest is being added and I need to provide CUCM authentication against it. For example, domain1.com exists now, and domain2.com is being added. A trust relationship exists between the two.
I have imported users from domain2.com. That part is fine. I simply cannot authenticate the domain2.com users.
I am currently importing based upon samAccountName, and believe I should use UPN, and authenticate against a GC.
The question is, since I am currently using samAccountName, if I convert everything to UPN, will all of the end-user account settings carry over to the UPN when the accounts are re-imported? Likewise, will the settings that are currently listed for the agents in UCCX change or carry over after the change from samAccountName to UPN?
I'm hopeful that CUCM sees these accounts as the same even though the userID will have changed.
All good questions. Unfortunately, I don't think that the CUCM will make the association you are hoping it does. If you change the mapping for the CUCM user id to the UPN in AD, the next run of DirSync will see the users as "new" users and existing users will be flagged for deletion.
At least that is what I expect would happen. I haven't tested with UPN myself, but when I have changed the user id mapping to another value (like telephoneNumber) my users were disassociated and flagged for deletion. What I did was export existing CUCM end user data (via BAT) and import the data in Excel. Then I exported data from AD, did a mapping and changed the user id value in my Excel sheet. I saved it to a CSV and re-imported it (with device associations, primary extensions, etc.). At this point I had increased my end user table by 2 times. Then I changed the AD attribute and the "old" user IDs were flagged to be deleted. 24 hours later, I was back to the same user count and using the new attribute value.
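The spreadsheet mapping step described in the reply above can be scripted. This is an added example, not part of the original thread: the CSV column names and the sample rows are constructed assumptions, not the real BAT or AD export headers. It also goes one step beyond the reply by flagging any samAccountName that exists in both domains, since that mapping cannot be resolved automatically.

```python
import csv
import io

# Constructed sample data. Column names are assumptions for illustration,
# not the actual CUCM BAT or Active Directory export headers.
CUCM_EXPORT = """USER ID,PRIMARY EXTENSION,CONTROLLED DEVICE
jsmith,1001,SEP001122334455
mlee,1002,SEP00AABBCCDDEE
tgone,1003,SEP00FFEEDDCCBB
"""
AD_EXPORT = """sAMAccountName,userPrincipalName
jsmith,jsmith@domain1.com
mlee,mlee@domain1.com
mlee,mlee@domain2.com
"""

def load_upn_index(ad_csv):
    """Map lower-cased sAMAccountName -> sorted UPNs seen across the forest."""
    index = {}
    for row in csv.DictReader(io.StringIO(ad_csv)):
        key = row["sAMAccountName"].strip().lower()
        index.setdefault(key, set()).add(row["userPrincipalName"].strip())
    return {k: sorted(v) for k, v in index.items()}

def remap_user_ids(cucm_csv, ad_csv):
    """Return (remapped_rows, unmatched_ids, ambiguous_ids) without guessing."""
    index = load_upn_index(ad_csv)
    remapped, unmatched, ambiguous = [], [], {}
    for row in csv.DictReader(io.StringIO(cucm_csv)):
        user_id = row["USER ID"].strip()
        upns = index.get(user_id.lower(), [])
        if len(upns) == 1:
            # Keep every other column so associations survive the re-import.
            remapped.append({**row, "USER ID": upns[0]})
        elif not upns:
            unmatched.append(user_id)      # no AD account: review before the sync
        else:
            ambiguous[user_id] = upns      # same name in both domains: decide manually
    return remapped, unmatched, ambiguous

if __name__ == "__main__":
    rows, missing, clashes = remap_user_ids(CUCM_EXPORT, AD_EXPORT)
    print(rows, missing, clashes, sep="\n")
```

Rows in the unmatched and ambiguous lists are left out of the remapped output so they can be resolved by hand before the re-import.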
I did lab this out last night. I actually found that moving from SAM to UPN and back would retain account settings. Here's the process I used:
- Turn off LDAP Sync - All Users go Inactive
- Change to UPN
- Turn on LDAP Sync
- Re-add LDAP directory
All users will go active and are not duplicated. In other words, if I have user1 before the process begins, user1 simply becomes firstname.lastname@example.org. Furthermore, if user1 changes to domain2, the account simply becomes email@example.com. The settings were retained through the entire process.