12-17-2013 10:28 AM - edited 03-16-2019 08:54 PM
I need to split our company across two AD Forests and do not want to setup AD LDS for Dirsync and authentication. Can I disable LDAP synchronization on CUCM 8.5.1 and have it leave the current users objects? I would look to add passwords to each of the users in the Cisco directory and have Cisco perform the authenication locally.
12-17-2013 11:00 AM
This has been asked quite some times at CSC, a search would have provided the answer to your question.
https://supportforums.cisco.com/message/3558269#3558269
https://supportforums.cisco.com/message/3886790#3886790
HTH
java
if this helps, please rate
www.cisco.com/go/pdihelpdesk
12-17-2013 01:27 PM
The threads recommend that I remove LDAP synchronization and authentication on CUCM Admin. Then run this command:
You can conver the users back to standard CUCM users using sql query update...Ths is easy to do
run sql update enduser set status=1
Will this procedure work?
1) remove LDAP sync and auth from CUCM Admin (stay signed in)
2) run the update on the enduser table (before the 3:15am garbage collection run)
3) I assume that none of the end user accounts can be used now since the passwords were stored on AD and not in the enduser table. I would have to update each of the enduser entries and add a password.
What could go wrong?
12-19-2013 08:56 AM
Does anyone have an opinion if my method will work above?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide