[cisco-voip] Moving LDAP Integrated Users across domains

Ryan Huff ryanhuff at outlook.com
Wed May 23 11:46:47 EDT 2018


Hello Mr. Loraditch!

If you have on-prem IM and Presence, send a note about folks’ contact/buddy lists needing to be updated (or take care of it on the backend with CSV files). My experience here, though: it’s best, easiest and simplest if that remains a user action/item post move.

Alternatively, you could enable Flexible Jabber ID (FJID), so that the “moved” users have reachability through both domains (Ex. rhuff at beforedomain.com and rhuff at afterdomain.com). Though, it depends on whether your AD migration strategy includes leaving the “E-Mail” attribute in the AD profile for “rhuff at beforedomain.com” even though the profile itself is in an OU at afterdomain.com. Although, since FJID doesn’t work via MRA, it would only offer limited support if Collab Edge exists in your environment.

Thanks,

== Ryan ==


From: Anthony Holloway <avholloway+cisco-voip at gmail.com>
Sent: Wednesday, May 23, 2018 11:30 AM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com>
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Moving LDAP Integrated Users across domains

I actually just did this recently, and it was pretty painless.  Here is what I wrote in my plan for that step (high level):

---

We’ll delete the two AD sync agreements in place, then add the two new ones for the new domain, followed by updating the AD authentication to point to the new domain.

We’ll restart DirSync service on CUCM Publisher, and wait/watch for AD accounts to come back from Inactive status to Active status.

---

I would caution you if you have UCCX, to not log in to it while you are doing this change.  That means, either shut it down, shut tomcat down, or just be really scary in your tone of voice when you tell everyone with login rights to not log in.  UCCX will delete any Agent which is Inactive at the time you look at the Resource page.  I know from experience.



On Wed, May 23, 2018 at 10:17 AM Matthew Loraditch <MLoraditch at heliontechnologies.com> wrote:
Anyone ever done this? We are doing Domain migrations at a client because of an acquisition. The users' UPN will change, but not their sAMAccountName, but the LDAP agreement they are coming from will.
Gonna test some dummy users today, but if anyone has any tips or known gotchas, let me know!


Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com
e: MLoraditch at heliontechnologies.com






_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
