Guest

Cisco Unified Communications Manager (CallManager)

CallManager DC Directory and Active Directory - Hide Users

Cisco - CallManager DC Directory and Active Directory - Hide Users

Document ID: 65594

Updated: Jan 31, 2006

   Print

Introduction

This document explains how to hide users when you do not want them to appear in the corporate directory. These users can be CTI users, Attendant Console, Cisco Emergency Responder, Cisco Conference Connection, and so forth. The CCMSysUser, CCMAdministrator, and PMASysUser users are already hidden by default.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Cisco CallManager Administration.

  • Directory management

Components Used

The information in this document is based on Cisco CallManager 4.x and later.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Hide Users in DC Directory

Note: After you run the script, the user is hidden in the corporate directory and the CCMadmin user page. See the Unhide User section of this document in order to add the user back.

Complete these steps in order to hide users in DC Directory:

  1. Open Notepad on the publisher server.

  2. Cut and paste these four lines and save the file as a text file on the C: drive as hideuser.ldif.

    Note:  The spaces must appear as this output shows. Ensure that there are no extra spaces in the LDIF file. Otherwise, the script fails when you run it.

    dn: cn=[userid], ou=users, o=cisco.com
    changeType:modify
    replace:Description
    Description:CiscoPrivateUser
  3. Set the [userid] to be the user you want to hide. For example:

    dn: cn=ctiuser, ou=users, o=cisco.com
    changeType:modify
    replace:Description
    Description:CiscoPrivateUser
  4. Choose Start > Run > cmd in order to open a command prompt on the publisher server, and run this script in order to set the description field in DC Directory:

    ldapmodify -h <server name> -p 8404 -D "cn=Directory
    Manager,o=cisco.com" -w <DCDAdmin Password> -c -f hideuser.ldif.txt

    This output shows a successful run:

    C:\>ldapmodify -h CallManagerPub -p 8404 -D 
    "cn=Directory Manager, o=cisco.com" -w Cisco -c -f hideuser.ldif.txt
    modifying entry cn=ctiuser, ou=users, o=cisco.com

Hide Users in Active Directory 2000

Use Microsoft Active Directory Service Interfaces (ADSIEdit), available as a part of the Windows 2000 Support Tools, or any other LDAP tool, in order to update the Description field. Add the string CiscoPrivateUser to the Description field of the user. If the tool is not available, use this output:

dn: cn=[userid], CN=users, dc=[domain], dc=com
changeType: modify
replace: Description
Description: CiscoPrivateUser

Save this file on the Active Directory server as hideuser.ldif. Then execute ldifde -I -f hideuser.ldif on the Active Directory server.

Hide Users in Active Directory 2003

Copy these five lines (note the '-' after the first four lines). In Active Directory 2003, this is required and has changed from Active Directory 2002 into a text file. Replace [userid] with the userid of the user that you need to hide. Replace [domain] with your domain. Save this file on the Active Directory server as hideuser.ldif.

dn: cn=[userid], CN=users, dc=[domain], dc=com
changeType: modify
replace: Description
Description: CiscoPrivateUser
-

Execute ldifde -i -f hideuser.ldif on the Active Directory server.

Hide users in DC Directory and Active Directory when syncronising with Cisco Unified Call Manager 5.x and later

Since LDAP integration architecture changed much between Cisco CallManager 4.x and Cisco CallManager 5.x, complete these steps in order to hide a user in Cisco CallManager 5.x.

Note: In Cisco Unified Communications Manager 5.x and later, you cannot set the Description to CiscoPrivateUser in order to hide the users. It is not supported.

If your Cisco Unified Communication Manager is Linux based, use these workarounds:

  1. The application users do not appear in the corporate directory from the IP Phones. So, for users that you do not want to show up in the Corporate directory, make them as application users. After this, you can delete them from Active Directory or DC directory, if you upgrade to a Linux based Cisco Unified Communication Manager from Cisco CallManager 4.x

  2. If you do not want to delete users in the Active Directory or DC Directory, you can also associate the users you want to hide with a different Organizational Unit so that Cisco Unified Communication Manager does not have to deal with them. Then, create new supplementary application users.

    Refer to Configuring an Application User for more information.

If your Cisco Unified Communication Manager is Windows based, use these workarounds:

  1. Cisco Unified Communication Manager does not sync users without the LastName attribute in the Active Directory or DC Directory. So you can remove the last name of the user that you want to hide from the Active directory or DC Directory.

  2. You can configure access control lists on the Active Directory side in order to prevent the distinguished name to appear in the corporate directory.

  3. You can add some special character, such as "[", to the First name or Last name attribute, and re-sync the LDAP. Those users will not appear in the corporate directory.

Unhide Users

In order to unhide the user, the Description of the field must be changed to something other than CiscoPrivateUser. The procedure to change it is similar to the one you use to hide the user:

  • DC Directory:

    dn: cn=[user], ou=users, o=cisco.com
    changeType:modify
    replace:Description
    Description: PublicUser
  • Active Directory:

    dn: cn=[userid], CN=users, dc=[domain], dc=com
    changeType: modify
    replace: Description
    Description: PublicUser

Then, re-run the original script.

Related Information

Updated: Jan 31, 2006
Document ID: 65594