Fred,

Yes you got it!

Option 1 is not something that is feasible at this time.

I am trying to hide system users like jtapi, rmjtapi, ac etc.

There was a post on this with a different work around a while back in this forum. I cant seem to find it.

Maybe you mean the following Topic:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Archive&topic=Voice%20and%20Video&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dd712ab/5#selected_message

Sankar you might want to try the following:

HIDE USERS

****************************************

DC DIRECTORY

You can hide users from beeing visible in the Corporate Directory.

For doing this, you have 2 options:

1) Set the first name to blank and put the whole name in the last name

field. Full Administrator users will not appear in the corporate

directory.

2) To hide a user in DC Directory:

First, cut and paste the following 4 lines into a file called "hideuser.ldif"

text file, and save it in the C: drive of the publisher callmanager server.

dn: cn=[userid],ou=users,o=cisco.com

changeType: modify

replace: Description

Description: CiscoPrivateUser

Set the [userid] to be the user you would like to hide. Example for the

UserID "ctifw":

dn: cn=ctifw,ou=users,o=cisco.com

changeType: modify

replace: Description

Description: CiscoPrivateUser

Next run the following command from a cmd prompt on the publisher callmanager

server in order to set the description field in DC Directory.

ldapmodify -h -p 8404 -D "cn=Directory

Manager,o=cisco.com"

-w -c -f hideuser.ldif

From 3.3 onwards, system users (or special users) are filtered out from the

search results. The users are filtered based on the attribute "Description".

If "Description" is CiscoPrivateUser, the user is not displayed in search

results from Corporate Directory or Users->Global Directory.

******************************************************************

AD DIRECTORY

To hide a user in AD do the following:

* If integrated with AD 2000:

----------------------------------------

dn: cn=[userid], CN=users, dc=[domain], dc=com

changeType: modify

replace: Description

Description: CiscoPrivateUser

Save this file on the AD server as "hideuser.ldif".

Then execute on the AD server:

ldifde -i -f hideuser.ldif

* If integrated with AD 2003:

----------------------------------------

Copy the following 5 lines (please note the '-' after the four lines. In

AD2K3, this is required and has changed from AD2K) into a text file and

replace the [userid] with the userid of the user that needs to be

hidden. Replace the [domain] with your domain. Save this file on the AD

server as "hideuser.ldif".

dn: cn=[userid], CN=users, dc=[domain], dc=com

changeType: modify

replace: Description

Description: CiscoPrivateUser

-

Then execute on the AD server:

ldifde -i -f hideuser.ldif

Jorge,

I believe Sankar is trying to achieve phone directory lookup without hiding the users from the CCMAdmin.

Option 1, I tried and the user is still searchable via the phone. Can you explain this better? It's not searchable by first name but is by last name.

Option 2 hides the user in DCD or AD which he is trying to avoid.

Thanks

Fred

I used the DC Directory modification instructions, and they worked to hide the user from user queries. My question is, how can this later be undone? Will any "Description" other than "CiscoPrivateUser", effectively bring this user back to user query results?

Eric,

This was a good post. I tried what was in this original article with using the @, ! and -, it's definitely a good workaround but technically is still searchable from the phone. The only reason why I state this is this might be a security reason why he doesn't want some accounts to be shown.

Thanks

Fred

Jorge,

Fred is right.

I already tried Option 2 with DCD. This hides the user completely from being searchable via web and via phone. I want the user to be searchable via web, but not the phone. I want to be able to modify device associations for these users via web, but at the same time hide them when you search via phone. (For system users like ac, jtapi, rmjtapi etc)

Keen to find out how option 1 works. I tried that but doesnt seem to work.

Thanks..

Sankar,

Did you ever get this to work?

Chris

Nope,

You can use the ldapmodify command specified in the technote that was posted earlier in the post to hide the user, but then the user is removed from the web config page as well.

I didnt find a sol. yet.

Keeping my ears open!!

The way I hide users in the DC Directory is to leave the First Name field blank and on the Last Name field enter first and last name with no spaces. The user is no longer displayed on the phone when doing searches, but I'm still able to search for the user using either first or last name using CCM.

Larry