Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Hiding AD Users from Corporate Directory

We are running Cisco CallManager 6.1.1.3101-1. We have a lot of AD accounts that are not employees and do not have phones associated with them. We would like to hide these from the Corporate Directory.

I have updated all the those accounts by entering CiscoPrivateUser in the description field. I also tried the ldif file, although I suspect that's doing the same thing. Neither worked.

One solution I saw was to move those accounts to a separate OU and not sync, but we'd rather not to that if it can be helped.

Is there any other way to do this?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Red

Re: Hiding AD Users from Corporate Directory

Hi Rick,

Maybe you could try the methods that are listed here, with excellent tips from Liz, James and Nigel;

6.x and later;

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified Communications and Video&topic=IP Phone Services for End Users&topicID=.ee6c82d&fromOutline=&CommCmd=MB?cmd=display_location&location=.2cbf8837

Hope this helps!

Rob

Edit: Sorry this didn't paste properly, please just copy/paste in browser :)

Re: Hiding AD Users from Corporate Directory

The CiscoPrivateUser tag no longer works in CUCM 6.x. One option is to use a character that is not LDAP compliant, such as ~, in front of the first/last name in AD.

Hope this helps.

Brandon

6 REPLIES
Hall of Fame Super Red

Re: Hiding AD Users from Corporate Directory

Hi Rick,

Maybe you could try the methods that are listed here, with excellent tips from Liz, James and Nigel;

6.x and later;

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified Communications and Video&topic=IP Phone Services for End Users&topicID=.ee6c82d&fromOutline=&CommCmd=MB?cmd=display_location&location=.2cbf8837

Hope this helps!

Rob

Edit: Sorry this didn't paste properly, please just copy/paste in browser :)

New Member

Re: Hiding AD Users from Corporate Directory

Thanks, the tilde method worked great.

New Member

Re: Hiding AD Users from Corporate Directory

Correction, the Tilde method is probably sufficient, but it does not hide them. It puts them at the end of the list so alphabetically it comes after Z.

It would be nice to hide them all together.

Re: Hiding AD Users from Corporate Directory

A method that hides users:

1. Create an AD account specifically to use for the CUCM integration.

2. In AD, grant this account access to your domain.

3. In AD put an explicit Deny on each user account (or OU) that you do not want imported to CUCM.

Hope this helps.

Brandon

Re: Hiding AD Users from Corporate Directory

The CiscoPrivateUser tag no longer works in CUCM 6.x. One option is to use a character that is not LDAP compliant, such as ~, in front of the first/last name in AD.

Hope this helps.

Brandon

New Member

Re: Hiding AD Users from Corporate Directory

I know this is a little late to the party. Clearing the last name field in AD will keep the LDAP from syncing that account. If you do that & do a sync the account will list as "inactive". It has to be inactive for at least 24 when garbage collection runs for it do be permanently removed from the CUCM directory.

370
Views
0
Helpful
6
Replies
CreatePlease to create content