Solved: Department and Manager not being synced from AD to CUCM

James Hawkins · ‎02-18-2014

Hello,

I have CUCM 9.1.2.11900-12 which is set to sync with Active Directory on Windows Server 2012 Standard.

The sync is working ok but the department and manager attributes are not being populated in CUCM.

The attributes are present in AD and unlike say Telephone Number there is no choice of attributes to be mapped to CUCM fields.

Has anyone seen this?

Chris Deren · ‎02-18-2014

James,

AD 2012 is not supported to any CUCM version that is available today for LDAP, I believe the first supported version is targeted to be 10.5. This may be the culprit, however since you are running unsupported version TAC may not be able to assist you.

HTH,

Chris

View solution in original post

Jaime Valencia · ‎02-18-2014

Actually 10.0 does support LDAP 2012

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/10_0_1/ccmsys/CUCM_BK_SE5FCFB6_00_cucm-system-guide-100/CUCM_BK_SE5FCFB6_00_cucm-system-guide-100_chapter_010011.html

Microsoft Active Directory 2003 R1/R2 (32-bit)
Microsoft Active Directory 2008 R1(32-bit)/R2(64-bit)
Microsoft Active Directory Application Mode 2003 R1/R2 (32-bit)
Microsoft Active Directory 2012
Microsoft Lightweight Directory Services 2008 R1(32-bit)/R2(64-bit)
Microsoft Lightweight Directory Services 2012
Sun ONE Directory Server 7.0
OpenLDAP 2.3.39
OpenLDAP 2.4
Oracle Directory Server Enterprise Edition 11gR1

But as Chris says, there's no telling what to expect with such combination.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

View solution in original post

James Hawkins · ‎02-19-2014

Hi guys,

I have found a solution!

My LDAP setup was set to sync using port 3268 (global catalog). In the 9.x SRND I read that employeenumber is not present by default in the Global Catalog so I wondered if AD 2012 does not put department and manager in Global Catalog.

I changed the port on my LDAP sync from 3268 to 389, did a sync and hey presto the missing information appeared in CUCM

I missed the global catalog info from my in initial post so apologies for not sharing the full details but your suggestions put me on the right thought path to resolve the issue.

Cheers

James

View solution in original post

Chris Deren · ‎02-18-2014

James,

AD 2012 is not supported to any CUCM version that is available today for LDAP, I believe the first supported version is targeted to be 10.5. This may be the culprit, however since you are running unsupported version TAC may not be able to assist you.

HTH,

Chris

Jaime Valencia · ‎02-18-2014

Actually 10.0 does support LDAP 2012

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/10_0_1/ccmsys/CUCM_BK_SE5FCFB6_00_cucm-system-guide-100/CUCM_BK_SE5FCFB6_00_cucm-system-guide-100_chapter_010011.html

Microsoft Active Directory 2003 R1/R2 (32-bit)
Microsoft Active Directory 2008 R1(32-bit)/R2(64-bit)
Microsoft Active Directory Application Mode 2003 R1/R2 (32-bit)
Microsoft Active Directory 2012
Microsoft Lightweight Directory Services 2008 R1(32-bit)/R2(64-bit)
Microsoft Lightweight Directory Services 2012
Sun ONE Directory Server 7.0
OpenLDAP 2.3.39
OpenLDAP 2.4
Oracle Directory Server Enterprise Edition 11gR1

But as Chris says, there's no telling what to expect with such combination.

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

Chris Deren · ‎02-18-2014

Right, but 2012 R2 is not supported which is what anyone running 2012 would be running most likely.

Chris

James Hawkins · ‎02-19-2014

Hi guys,

I have found a solution!

My LDAP setup was set to sync using port 3268 (global catalog). In the 9.x SRND I read that employeenumber is not present by default in the Global Catalog so I wondered if AD 2012 does not put department and manager in Global Catalog.

I changed the port on my LDAP sync from 3268 to 389, did a sync and hey presto the missing information appeared in CUCM

I missed the global catalog info from my in initial post so apologies for not sharing the full details but your suggestions put me on the right thought path to resolve the issue.

Cheers

James

yeopaul · ‎12-21-2015

Hi Java,

My customer is using a 7.x cucm, syncing to 2012. However all new records are not sync over.

I read some of the thread that cucm will mark records as inactive but activate it once compare with AD, the inactive account will be purged after the cleanup.

My questions :

1) will the records of old accounts stay until the cucm is upgraded to version 10?

2) Can we remove the purging activity?

Thanks a lot in advance.

regards,

Ryghnes

Jaime Valencia · ‎12-21-2015

It should be pretty clear by now that what you're doing is definitely not supported, and no one can tell you what's the expected behavior of that.

1 No way to tell you that in your scenario, I'd assume they would, but no idea of what to expect from what you're doing.

2 No, as long as you want an LDAP integration to be active, there is no control whatsoever on the garbage disposal mechanism, you would need to disable all together the LDAP integration/authentication to stop the process.

HTH

java

if this helps, please rate

yeopaul · ‎12-22-2015

Hi Java,

Thanks a lot for the advice. Appreciate much.