Removing Active Directory Synchronization - will it delete all e

Arbor Admin · ‎12-17-2013

I need to split our company across two AD Forests and do not want to setup AD LDS for Dirsync and authentication. Can I disable LDAP synchronization on CUCM 8.5.1 and have it leave the current users objects? I would look to add passwords to each of the users in the Cisco directory and have Cisco perform the authenication locally.

Jaime Valencia · ‎12-17-2013

This has been asked quite some times at CSC, a search would have provided the answer to your question.

https://supportforums.cisco.com/message/3558269#3558269

https://supportforums.cisco.com/message/3886790#3886790

HTH

java

if this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

Arbor Admin · ‎12-17-2013

The threads recommend that I remove LDAP synchronization and authentication on CUCM Admin. Then run this command:

You can conver the users back to standard CUCM users using sql query update...Ths is easy to do

run sql update enduser set status=1

Will this procedure work?

1) remove LDAP sync and auth from CUCM Admin (stay signed in)

2) run the update on the enduser table (before the 3:15am garbage collection run)

3) I assume that none of the end user accounts can be used now since the passwords were stored on AD and not in the enduser table. I would have to update each of the enduser entries and add a password.

What could go wrong?

Arbor Admin · ‎12-19-2013

Does anyone have an opinion if my method will work above?

Thanks

Removing Active Directory Synchronization - will it delete all end-users?