[cisco-voip] CCM6 with AD integration - moving users to new ADdomain

Thorsten.Mayr at barclayscapital.com Thorsten.Mayr at barclayscapital.com
Mon Jan 5 08:13:50 EST 2009


Doh, forgot the sid cleanup indeed...
SAM should be enough though as CUCM won't have visibility of SID or even
if, won't understand it. It's not a supported attrib/field afaik

But thx for clarifying. Good old AD days ;) 

> -----Original Message-----
> From: Dane Newman [mailto:dane.newman at gmail.com] 
> Sent: Monday, January 05, 2009 1:07 PM
> To: Mayr, Thorsten: IT (LDN)
> Cc: <mark.mills at baesystems.com>; <cisco-voip at puck.nether.net>
> Subject: Re: [cisco-voip] CCM6 with AD integration - moving 
> users to new ADdomain
> 
> They will keep the same Sam but not sid you might bethinking 
> of the sid history attribute which is migrated to retain 
> access to resources but is stripped at the end of a migration 
> for securty best practices
> 
> Sent from my iPhone
> 
> On Jan 5, 2009, at 5:19 AM, <Thorsten.Mayr at barclayscapital.com> wrote:
> 
> > If they do a proper migration... They will keep the same 
> SAM/SID and 
> > you should be fine, I haven't done it myself with respect 
> to CUCM, but 
> > I would assume if you allow both OU's in the LDAP synch.. When they 
> > move them over, you might be fine...
> >
> > However test and confirm this in the lab / with your AS 
> team first...
> >
> > It maybe that CUCM thinks when it can't see it via one 
> query that the 
> > account is indeed inactive... Need to read up if CUCM copies the 
> > account and what other references are being added when it does.
> >
> > Easy test would be, add a different OU to be synched... Move a user 
> > into that OU and see what CUCM thinks.. Verify with your AD 
> team how 
> > they are performing the migration... And tell them to do it 
> clean :) 
> > so users keep sid/sam.
> >
> > Cheers
> > T
> >
> >
> >> -----Original Message-----
> >> From: cisco-voip-bounces at puck.nether.net
> >> [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of 
> MILLS, Mark
> >> Sent: Monday, January 05, 2009 1:24 AM
> >> To: cisco-voip at puck.nether.net
> >> Subject: [cisco-voip] CCM6 with AD integration - moving 
> users to new 
> >> ADdomain
> >>
> >>
> >> Hi,
> >>
> >> Our current CCM6 installation uses Active Directory syncronisation 
> >> for all end users to a Windows domain.
> >>
> >> In the near future, due to company acquisitions, the Windows Admin 
> >> groups are creating a new Windows AD domain and all users will be 
> >> moved over to the new domain and the old one turned off.  
> The users 
> >> will be keeping the same username format and their 
> telephone details 
> >> etc will be the same in the new AD structure that is being created.
> >>
> >> Does anyone have any experience on what this would do to 
> the users in 
> >> CCM, and how I would go about syncing against the new domain, but 
> >> keeping all the users, profiles and preferences the same to cause
> >> minimum disruption to the end users?    Im hoping it will be as  
> >> simple
> >> as pointing CCM at the new AD servers and it will figure 
> everything 
> >> out, but nothing is ever as simple as I hope  :)
> >>
> >> Thanks in advanced,
> >>  -  Mark
> >> "Warning:
> >> The information contained in this email and any attached files is 
> >> confidential to BAE Systems Australia. If you are not the intended 
> >> recipient, any use, disclosure or copying of this email or any 
> >> attachments is expressly prohibited.  If you have received 
> this email 
> >> in error, please notify us immediately. VIRUS: Every care has been 
> >> taken to ensure this email and its attachments are virus free, 
> >> however, any loss or damage incurred in using this email 
> is not the 
> >> sender's responsibility.  It is your responsibility to 
> ensure virus 
> >> checks are completed before installing any data sent in 
> this email to 
> >> your computer."
> >>
> >>
> >> _______________________________________________
> >> cisco-voip mailing list
> >> cisco-voip at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-voip
> >>
> > _______________________________________________
> >
> > This e-mail may contain information that is confidential, 
> privileged 
> > or otherwise protected from disclosure. If you are not an intended 
> > recipient of this e-mail, do not duplicate or redistribute 
> it by any 
> > means. Please delete it and any attachments and notify the 
> sender that 
> > you have received it in error. Unless specifically indicated, this 
> > e-mail is not an offer to buy or sell or a solicitation to 
> buy or sell 
> > any securities, investment products or other financial product or 
> > service, an official confirmation of any transaction, or an 
> official 
> > statement of Barclays. Any views or opinions presented are solely 
> > those of the author and do not necessarily represent those of 
> > Barclays. This e-mail is subject to terms available at the 
> following 
> > link: www.barcap.com/emaildisclaimer. By messaging with 
> Barclays you 
> > consent to the foregoing.  Barclays Capital is the 
> investment banking 
> > division of Barclays Bank PLC, a company registered in 
> England (number 
> > 1026167) with its registered offi!
> > ce at 1 Churchill Place, London, E14 5HP.  This email may 
> relate to or 
> > be sent from other members of the Barclays Group.
> > _______________________________________________
> > _______________________________________________
> > cisco-voip mailing list
> > cisco-voip at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-voip
> 
_______________________________________________

This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unless specifically indicated, this e-mail is not an offer to buy or sell or a solicitation to buy or sell any securities, investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Barclays. Any views or opinions presented are solely those of the author and do not necessarily represent those of Barclays. This e-mail is subject to terms available at the following link: www.barcap.com/emaildisclaimer. By messaging with Barclays you consent to the foregoing.  Barclays Capital is the investment banking division of Barclays Bank PLC, a company registered in England (number 1026167) with its registered office at 1 Churchill Place, London, E14 5HP.  This email may relate to or be sent from other members of the Barclays Group.
_______________________________________________


More information about the cisco-voip mailing list