Thank you for your insight on the topic. What you are saying is good advice, only this service account would have to also appear in the Directory, and that is ugly. We use LDAP filters to specifically avoid listing service accounts in the Directory. Again, thank you for your input.<div>
<br></div><div>Anthony<br><br><div class="gmail_quote">On Mon, Feb 14, 2011 at 12:50 PM, Adel Abushaev <span dir="ltr"><<a href="mailto:adel.abushaev@gmail.com">adel.abushaev@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Can you reference a domain admin account from AD? Those rarely change,<br>
mostly never. It probably is not Administrator, for security reasons<br>
(which delays the hacking person only by about 5 minutes in total),<br>
but people rename Administrator to something less appealing. Since<br>
this is an account that you don't plan to use on user devices, it<br>
might be a good candidate for your purposes, if IT folks do not want<br>
to create a service account.<br>
<br>
Actually creating service account would be more secure, it needs to be<br>
a very deeply restricted user, with absolutely no permissions other<br>
than just being there, and UCM_DO_NOT_DELETE is a nice name for it.<br>
<br>
But first try selling them the story that Call Manager doesn't have<br>
local user directory when it's integrated with AD, and there is<br>
absolutely no way you could create that user without them.<br>
<br>
Adel.<br>
<div><div></div><div class="h5"><br>
On Sat, Feb 12, 2011 at 7:00 AM, Anthony Holloway<br>
<<a href="mailto:avholloway%2Bcisco-voip@gmail.com">avholloway+cisco-voip@gmail.com</a>> wrote:<br>
> Group,<br>
> When you create an RDP Template it makes you select an End User to associate<br>
> to the RDP. It doesn't have to be a Mobility enabled user, just any old End<br>
> User will do. If one were to choose the first user in the list as<br>
> an efficient way to set that value, and this user ends up leaving the<br>
> organization, and the AD account gets scrubbed, well, then your RDP Template<br>
> gets deleted automatically.<br>
> I can see that by having a dedicated service account in my end user's list,<br>
> named something like: rdp_template, would alleviate that problem, but now I<br>
> have to explain to the client why they need to create dummy account on their<br>
> AD side.<br>
> How have others tackled this? Am I missing something, such that creating<br>
> dummy users is the norm?<br>
> Anthony<br>
</div></div>> _______________________________________________<br>
> cisco-voip mailing list<br>
> <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
><br>
><br>
</blockquote></div><br></div>