Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Extension Mobility using UPN attribute

Hi all,

I am facing the possibility of having to move to using UPN instead of samAccountName as my AD integration attribute as another division running on a separate AD forest want to utilise our CUCM 7.1(3) cluster.

We primarily use extension mobility. I assume once you go down the UPN path you have to logon to extension mobility on the phone using the whole via DTMF? (ugly!!!)

It gets even trickier with Unity.

We have provided them "Linked Mailboxes" on our exchange environment. Following Microsoft's recommendation this is done by giving them a disabled AD account with mailbox in our AD forest that is then linked through exchange to their active AD account (master account is the exchange term) in their AD. There is a trust between the domains but passwords are not synched between the disabled and active AD accounts.

This all works nicely from an exchange / outlook perspective but doesn't look too simple to get them working as CUCM users with unified messaging. Unity can only see the disabled AD account in our AD.

All this was done without speaking to the voice team of course to see what the implications were for telephony both for existing users and the new. :-)

I have a UCCX 7.0(1) SR5 contact centre just to add to the mix :-)

Anyone been down this path before??

New Member

Hi Glenn, Did you ever get a

Hi Glenn,


Did you ever get a fix for avoiding the ugly DTMF login?



Super Bronze

I've thought about this a few

I've thought about this a few times... to me it seems that the options on CUCM just aren't comprehensive enough, and what's needed is an overhaul to the EM service rather than changes on CUCM.

i.e. for 90% of organisations, use sAMAccountName for user ID

for the other 10%, use UPN

But for EM... have more intelligence in the EM service to allow login with extension and PIN, with some intelligence for resolving conflicts if they exist, which then looks up the correct associated account based on the extension number and authenticates with that account name (UPN/sAMAccountName) and PIN against the CUCM DB.


Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
New Member

Cheers Aaron

Cheers Aaron