[cisco-voip] Moving LDAP Integrated Users across domains

Matthew Loraditch MLoraditch at heliontechnologies.com
Wed May 23 12:09:31 EDT 2018 

Luckily no UCCX and no Jabber yet, although they will be Jabbering after this migration completes.



Thanks all for the responses!




Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: MLoraditch at heliontechnologies.com
From: Ryan Huff <ryanhuff at outlook.com>
Sent: Wednesday, May 23, 2018 11:47 AM
To: Anthony Holloway <avholloway+cisco-voip at gmail.com>; Matthew Loraditch <MLoraditch at heliontechnologies.com>
Cc: cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] Moving LDAP Integrated Users across domains

Hello Mr. Loraditch!

If you have on-prem IM and Presence, send a note about folks’ contact/buddy lists needing updated (or take care of it on the backend with CSV files). My experience here though; its best, easiest and simpler if that remain a user action/item post move.

Alternatively, you could enable Flexible Jabber ID (FJID), so that the “moved” users have reachability through both domains (Ex. rhuff at beforedomian.com<mailto:rhuff at beforedomian.com> and rhuff at afterdomain.com<mailto:rhuff at afterdomain.com>). Though, it depends on whether your AD migration strategy includes leaving the “E-Mail” attribute in the AD profile for “rhuff at beforedomain.com<mailto:rhuff at beforedomain.com>” even though the profile itself is in a OU at afterdomain.com. Although, since FJID doesn’t work via MRA, it would only offer limited support if Collab Edge exists in your environment.

Thanks,

== Ryan ==


From: Anthony Holloway<mailto:avholloway+cisco-voip at gmail.com>
Sent: Wednesday, May 23, 2018 11:30 AM
To: Matthew Loraditch<mailto:MLoraditch at heliontechnologies.com>
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Moving LDAP Integrated Users across domains

I actually just did this recently, and it was pretty painless.  Here is what I wrote in my plan for that step (high level):

---

We’ll delete the two AD sync agreements in place, then add the two new ones for the new domain, followed by updating the AD authentication to point to the new domain.

We’ll restart DirSync service on CUCM Publisher, and wait/watch for AD accounts to come back from Inactive status to Active status.

---

I would caution you if you have UCCX, to not login to it while you are doing this change.  That means, either shut it down, shut tomcat down, or just be really scary in your tone of voice when you tell everyone with login rights to not login.  UCCX will delete any Agent which is Inactive at the time you look at the Resource page.  I know from experience.



On Wed, May 23, 2018 at 10:17 AM Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>> wrote:
Anyone ever done this? We are doing Domain migrations at a client because of an acquisition. The users UPN will change, but not their sAMAccountName but the LDAP agreement they are coming from will.
Gonna test some dummy users today, but if anyone has any tips or known gotchas, let me know!


Matthew Loraditch​

Sr. Network Engineer


p: 443.541.1518<tel:443.541.1518>



w: www.heliontechnologies.com<http://www.heliontechnologies.com/>

 |

e: MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>


[cid:image722348.png at C60F9430.10BEDD26]


[Facebook]<https://facebook.com/heliontech>


[Twitter]<https://twitter.com/heliontech>


[LinkedIn]<https://www.linkedin.com/company/helion-technologies>




[Helion joins Automotive CX Summit]<https://heliontechnologies.com/events/14th-annual-automotive-cx-summit-hosted-thought-leadership-summits/>




_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180523/ab5d3697/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image256354.png
Type: image/png
Size: 8404 bytes
Desc: image256354.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180523/ab5d3697/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image210950.png
Type: image/png
Size: 431 bytes
Desc: image210950.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180523/ab5d3697/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image136450.png
Type: image/png
Size: 561 bytes
Desc: image136450.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180523/ab5d3697/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image229873.png
Type: image/png
Size: 444 bytes
Desc: image229873.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180523/ab5d3697/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image335262.png
Type: image/png
Size: 98566 bytes
Desc: image335262.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180523/ab5d3697/attachment-0004.png>

More information about the cisco-voip mailing list