Cisco Prime Collaboration Provisioning Guide - Standard and Advanced, 10.0
Synchronizing Processors, Users, and Domains
Downloads: This chapterpdf (PDF - 1.37MB) The complete bookPDF (PDF - 6.23MB) | Feedback

Synchronizing Processors, Users, and Domains

Synchronizing Processors, Users, and Domains

Synchronizing Processors, Users and Domains Overview

There are three types of synchronizations in Provisioning:

  • Infrastructure Synchronization—Discovers all the objects in the device that Provisioning uses and that are not specific to individual users. The infrastructure data are the configurations that are required to exist on the device before Provisioning can configure user services.
  • User Synchronization—Discovers all objects related to individual users.
  • Domain Synchronization—Puts existing users discovered during user synchronization into the Domain.

Synchronizing the data in Cisco Unified Communications Manager and Cisco Unity systems, and then synchronizing with the Domains, populates Provisioning with the existing active users and services, and provides a consolidated view of all of the infrastructure and user information.

Remember the following before running any synchronization:

  • Infrastructure and user synchronizations retrieve information from the device. They are unidirectional synchronizations. Provisioning does not update devices during these synchronizations. Infrastructure and user synchronizations should be completed on all devices before a Domain synchronization is started.
  • You can execute the synchronizations independently and in any order. However, to preserve the integrity of the data, it is recommended that you run the synchronizations consecutively, and in the following order:
    1. Infrastructure synchronization.
    2. User synchronization.
  • After a new Provisioning installation, the infrastructure synchronization must be executed first. You should not run more than one synchronization at a time.
  • Ensure that you have checked the connectivity of the device. Click Test Connection (under Actions) from the Device details Quick View before running any synchronization. The test results appear in the Device details Quick View.
  • The test connection results must be successful before synchronizing Unified Message Processors. If you start synchronization for a Unified Message Processor when the test connection status is "In Progress" or "Failure", the synchronization will fail.
  • After a Call Processor or Unified Message Processor is synchronized, do not change the type of device. For example, if you add a Cisco Unified Communications Manager, do not change the Call Processor type to Cisco Unified Communications Manager Express.
  • After a Domain synchronization, you can use Provisioning to directly manage the individual user account. You no longer have to use the underlying Cisco Unified Communications Manager or Cisco Unity systems.
  • Any out-of-band configurations (meaning configurations that are performed directly on the processor but not synchronized with Provisioning) can result in failed orders. You must always keep Provisioning synchronized with the processors that it is provisioning.

Change Notification feature will be automatically enabled for Cisco Unified Communications Manager 10.0 and above versions. This feature is not supported for Cisco Unified Communications Manager versions less than 10.0.

Any updates to infrastructure or user configuration of Cisco Unified Communications Manager will be automatically synchronized to Provisioning every 5 minutes. This avoids the need for daily or frequent synchronization with Cisco Unified Communications Manager.

As part of change notification, the user records are also updated to include the newly added services. To view the start and end time of change notification synchronization for a Cisco Unified Communications Manager, launch the quickview and click View Detailed Log in the Actions pane.

The following services and infrastructure objects are automatically synchronized from Cisco Unified Communications Manager, through the Change Notification feature:
  • CtiRoutePoint
  • CmcInfo
  • Endpoint
  • Line
  • Remote Destincation Profile
  • Device Profile
  • Call Park
  • Call Pickup Group
  • Css
  • DateTimeGroup
  • DeviceMobility
  • FacInfo
  • Line Group
  • Location
  • PhysicalLocation
  • Hunt List
  • Hunt Pilot
  • Route List
  • Route Pattern
  • RoutePartition
  • Route Group
  • SipProfile
  • SipTrunk
  • TransPattern
  • GeoLocation
  • CommonPhoneConfig
  • CommonDeviceConfig
  • H323Gateway
  • VoiceMail Profile
  • VoiceMail Pilot
  • VG224
  • MediaResourceList
  • MediaResourceGroup
  • MeetMe
  • CallManagerGroup
  • UcService
  • User

Infrastructure and User Synchronization

You use the infrastructure synchronization to synchronize the infrastructure data in the devices. The infrastructure synchronization retrieves device information that is used across multiple users.

To synchronize infrastructure configuration products and users:

Procedure
    Step 1   Choose Design > Infrastructure Setup.
    Step 2   Hover over Quick View of the device for which you want to run synchronization.
    Step 3   Do one of the following:
    • To initiate Infrastructure Synchronization, click Start Infrastructure Synchronization
    • To initiate User Synchronization, click Start User Synchronization

    The progress of synchronization is displayed in the Quick View under Synchronization Status.

    Step 4   Click View Detailed Logs.

    A synchronization log is created, listing the objects that could not be assigned. It also shows a warning message if an unknown element is received from the device. This log is replaced each time a synchronization occurs.

    Note   

    If you see the warning message “Skipped unexpected element,” you can ignore it. The message indicates that Provisioning does not support the item that was sent back from the device.


    If the status of an infrastructure or user synchronization does not change for an extended period of time, verify that the Nice service is running. Run the following command to check if the Nice service is running:

    ps -aef | grep nice

    If the Nice service is stopped, restart the service, and then restart the infrastructure or user synchronization.

    If you wish to manage the Analog Phones, you have to update the ipt.properties file. In this file, update the dfc.ipt.cisco.callmanager.analog_phone_support to Y and then do the user synchronization. You must restart Provisioning after the user synchronization is completed.

    For the list of Cisco Unified Communications Manager objects that Provisioning synchronizes, see Cisco Unified Communications Manager Objects that Are Synchronized.

    You use the infrastructure synchronization to synchronize the unified messaging infrastructure data in Provisioning with the Unified Message Processor:
    • SubscriberTemplate—A Subscriber Template in Cisco Unity, Cisco Unity Connection, and the e-mail message processor.
    • UnifiedMessagingFeatureSpecification—A class of service in Cisco Unity, Cisco Unity Connection, and the e-mail message processor.

    You use the user synchronization to synchronize the unified messaging user data in Provisioning with the Unified Message Processor.

    • UMInfo—A user in Cisco Unity, Cisco Unity Connection, and Cisco Unity Express in conjunction with their user’s voicemail and e-mail information.
    • VoiceMailInfo—A user in Cisco Unity, Cisco Unity Connection, and Cisco Unity Express in conjunction with UMInfo and EmailInfo.
    • EmailInfo—A user in Cisco Unity and Cisco Unity Connection in conjunction with VoiceMailInfo and UMInfo.

    Note


    If during the synchronization of Cisco Unity Express you encounter device connection errors, close all Telnet sessions on the Cisco Unity Express system and restart the synchronization. Cisco Unity Express only allows one Telnet session at a time. Provisioning cannot synchronize with a Cisco Unity Express device that has another telnet session open.



    Note


    IM and Presence 9.0 and higher versions are integrated with Cisco Unified Communications Manager. Due to this, user synchronization will be disabled for IM and Presence 9.0 and higher versions. User information will be directly synchronized from Cisco Unified Communications Manager.


    For IM and Presence, use the Infrastructure synchronization to synchronize the User Settings Infrastructure data with Provisioning.


    Note


    After upgrading your Cisco Unified Communications Manager, you must perform User Synchronization manually to synchronize change notification settings.


    Cisco Unified Communications Manager Objects that Are Synchronized

    The following tables list the Cisco Unified Communications Manager objects that are synchronized during an infrastructure and user synchronization in Provisioning.

    Table 1 Cisco Unified Communications Manager Objects Synchronized During an Infrastructure Synchronization
    • AAR Group
    • Call Park
    • Calling Search Space
    • Client Matter Codes
    • Cisco Unified CM Group
    • Call Pickup Group
    • Common Device Config
    • Conference Bridge
    • Date Time Setting
    • Date/Time Group
    • Device Mobility Info
    • Device Mobility Group
    • Device Pool
    • Device Profile
    • Dial Plan
    • Dial Plan Tag
    • Digit Discard Instruction
    • Enable Password Router
    • Forced Authorization Codes
    • Gatekeeper
    • Geo Location
    • Geo LocationConfiguration
    • Geo Location Filter
    • Hunt Group
    • Hunt List
    • Hunt Pilot
    • H323 Gateway
    • H323 Trunk
    • Line Group
    • Location
    • MLPP Domain
    • Media Resource Group
    • Media Resource List
    • Meet-Me Number/Pattern
    • Message Waiting
    • MOH Audio Source
    • Partition
    • Phone Profile
    • Phone Template
    • Presence Group
    • Physical Location
    • Region
    • Remote Destination Profile
    • Resource Priority Namespace List
    • Resource Priority Namespace Network Domain
    • Route Filter
    • Route Group
    • Route List
    • Route Partition
    • Route Pattern
    • SIP Trunk
    • SIP Profile
    • Softkey Template
    • SRST
    • Translation Pattern
    • UC Service Profile
    • VG202
    • VG204
    • VG224
    • VG350
    • VGVoicemail Pilot
    • Voicemail Port
    • Voicemail Profile
    Table 2 Cisco Unified Communications Manager Objects Synchronized During User Synchronization
    • Calling Search Space
    • Device Pool
    • Directory Number
    • IP Phone
    • License Capabilities
    • Line
    • Location
    • Phone
    • Remote Destination Profile
    • Remote Destination Profile Line
    • User

    Error Messages While Synchronizing a Call Processor

    Some of the error messages you encounter while synchronizing a call processor:

    The Detailed Log page lists items that could not be synchronized from the Cisco Unified Communications Manager device. For example, on the page, you might see the following message:

    
    Completed. But the following objects could not be 
    synchronized: [SecurityProfile, DialPlanTag, SIPTrunk, PhoneTemplate, DigitDiscardInstruction]
    

    Incomplete synchronization can occur because of the following:

    • Network problems that did not allow the items to be properly synchronized. To determine if this is the cause, analyze the nice.log file. A network problem might be the cause if the file displays the following information:
      
      java.security.PrivilegedActionException:com.sun.xml.messaging.saaj.SOAPExceptionImpl:Message send failed.
      
    • Configuration issues with the items. In this case, copy the nice.log file and contact the Cisco Technical Assistance Center (TAC).

    Overview of Domain Synchronization

    Domain synchronization aggregates data from synchronizations. Devices are not accessed during a Domain synchronization.

    During a Domain synchronization, Provisioning does the following:

    • Synchronizes users and their services with the Provisioning inventory, creates new users, and updates the records.
    • Synchronizes user accounts and updates Provisioning so that users can log in (logins are created only if the self-care rule is enabled; see Business Rule Descriptions.
    • Associates services to Service Areas.
    • Synchronizes the assigned voicemail directory numbers in Cisco Unity, Unity Connection or Unity Express to those in Cisco Unified Communications Manager.
    • Associates the voicemail, e-mail, and unified messaging data in Cisco Unity, Unity Connection or Unity Express with the user information in Provisioning.

    Business rules determine the criteria used for synchronizing Domains (see Configuring Business Rules for Domain Synchronization).

    To fully synchronize a Domain, you must perform an infrastructure and user synchronization for each device in the Domain, and then perform a Domain Synchronization.


    Note


    If a device in the Domain is already synchronized, it is recommended that a Domain synchronization also be done.


    While running Domain synchronization, remember the following:

    • If you use a user synchronization on Cisco Unified Communications Manager Express to add users to Provisioning, the first name, last name, phone number, and department data are not obtained by Provisioning. The Manage Users page, displays “Unknown” in these fields. You can update the user information through Provisioning, but be aware that this information will be pushed to the Cisco Unified Communications Manager Express system, and will overwrite any existing information for the user in the ephone description field.
    • You should not run more than one synchronization at a time. Run all synchronizations sequentially.
    • If a Cisco Unified Communications Manager Express is the only device present in a Domain and Service Area, during Domain synchronization users are not created in Provisioning if the ephone username command is not configured in Cisco Unified Communications Manager Express. Make sure the ephone username command is configured in Cisco Unified Communications Manager Express for all users.
    • A device profile is added to a user’s record as an Extension Mobility Access product only if the device profile is subscribed to the extension mobility service in Cisco Unified Communications Manager.
    • If the Cisco Unified Communications Manager and Cisco Unified Presence added to the service area are upgraded to 9.0 versions, the following services will be removed from the user records:
      • Enable Presence
      • Enable Presence Client
      • Client User Settings The user records will be updated with the User Services product details. If a Service Area has Cisco Unified Communications Manager 8.x and Cisco Unified Presence 8.x, then Enable Presence, Enable Presence Client, and Client User Settings product details will be retained in the user records.
    • Provisioning allows you to provision device profiles with services enabled or disabled at enterprise level. If a device profile has associated services, the device profile will be associated to a user only if a matching service URL is found.

      Note


      Extension Mobility service can be associated to a user, even if the device profile has no associated services or if the services are enabled at enterprise level.


    • Provisioning allows you to provision device profiles with services enabled or disabled at enterprise level. If a device profile has associated services, the device profile will be associated to a user only if a matching service URL is found.
    • After domain synchronization, all services related to users are updated in the user record. You can change, cancel or edit services related to users without configuring a service area.

    Synchronizing Domains

    To synchronize domains:

    Procedure
      Step 1   Choose Design > User Provisioning Setup.
      Step 2   From the Domains table, hover over quick view of the Domain you want to synchronize, and click Start Domain Synchronization.

      A popup appears saying that the Domain Synchronization has started successfully. The Last Synchronization field in Quick View displays the status of synchronization along with the start and completion time.


      Domain synchronization cannot be started without configuring synchronization rules. See Configuring Business Rules for Domain Synchronization for information on synchronization rules.

      Business Rules for Domain Synchronization

      Business rules determine the criteria used for adding users to a Domain.

      For Domain synchronization to work properly, you must configure at least one of the following rules:

      • Sync All Users (Unified CM)—If enabled, all user accounts in all of the Call Processors in the Domain are assigned to the Domain being synchronized. This rule overrides the Match Department rule.
      • Sync Only Existing Users—If enabled, the Domain synchronization does not create new users. Only services of existing users in the Domain are synchronized.
      • Sync by Attribute—You have the following options:
        • Match Department—If enabled, the Domain synchronization associates only the Call Processor user accounts whose department code matches one in the list specified in the rule configuration.
        • Match Location—If enabled, the Domain synchronization associates only the Call Processor user accounts whose phone location matches one in the list specified in the rule configuration.
        • Match Device Pool—If enabled, the Domain synchronization associates only the Call Processor user account whose Phone or Remote Destination Profile has a device pool value that matches one in the list specified in the rule configuration.

      The rest of the Domain synchronization rules coreside (do not have a priority level) with the above rules. Following are the coresident Domain synchronization rules:

      • Sync All Users (Unity Connection)—If this rule is enabled, all user accounts in a given Message Processor are assigned to a Provisioning Domain. Otherwise, only user accounts in the given Message Processor with a matching Call Processor user account are assigned.
      • Sync Primary User From Unity Connection—If enabled, user information is updated from the associated Message Processor account; otherwise it is updated from the Call Processor.

        Note


        If you try to run a Domain synchronization when none of the required rules are enabled, a message appears in the Synchronize Domain page stating that you are required to enable one of the rules. You can click the Configure Synchronization Rules link on this page to open the Configure Domain Sync Rules page, where you can configure the desired Domain synchronization rule. For more information, see Domain Synchronization.


      If more than one of the required rules are enabled, only one of the rules will be in effect.

      The rule priority is applied in the following order:

      1. Sync All Users (Unified CM)
      2. Sync Only Existing Users
      3. Match Department
      4. Match Location
      5. Match Device Pool

      If Sync All Users (Unified CM) rule is enabled, the settings of all the other rules are ignored. If Sync Only Existing Users rule is enabled, the settings for the last three rules are ignored. The last three rules are additive, meaning that if two of the rules are enabled, then only users that satisfy both constraints are synchronized.

      Configuring Business Rules for Domain Synchronization

      For Domain synchronization to work properly, you must configure Domain synchronization business rules.


      Tip


      A description of each business rule appears when you place your cursor over the information icon next to the rule.


      Procedure
        Step 1   Choose Design > User Provisioning Setup.
        Step 2   In the Domains listing page, select a Domain and click Edit.
        Step 3   Scroll down to the Synchronization Rules area on the Domain Configuration page.
        Step 4   Select the required rules.

        You must select at least one Call Processor synchronization rule for the domain synchronization to work properly. If you select the Sync by Attribute rule, you must select at least one of the options listed under Sync by Attribute rule.

        For more information on Domain synchronization rules, see Business Rules for Domain Synchronization.

        Step 5   Click Save.

        Domain Synchronization Log Messages

        This section provides explanations for some of the messages that can appear in the Domain Synchronization Log report.

        The Phone SEP123123123123 could not be added to the customer record because a service area with the following properties could not be found:

        The phone could not be assigned to a Service Area with the listed settings.

        To fix this problem, either create a Service Area with the same settings or change the phone settings on Cisco Unified Communications Manager.

        Duplicate username encountered. So skipping the creation of this user: TestUser from the Call Processor: TestCCM

        Indicates that another user exists in Provisioning with the same ID, but the ID uses a different case. Services which belong to this user will not be synchronized.

        To fix this problem, remove one of the users from Cisco Unified Communications Manager.

        No matching voicemail info found for directory number 123400000

        The synchronization could not find a voicemail for the directory number. This problem can occur when either a synchronization was not run on the Unified Message Processor (so the voicemails are not present in Provisioning), or no matching voicemail information was found for the directory number.

        To fix this problem, either run user synchronization on the Unified Message Processor, or create a Service Area with the correct settings.

        The device profile line Line 1 - 123400000 could not be added to the customer record because a service area with the following properties could not be determined in the domain Cisco: Call Processor: TestCCM

        A device profile line could not be assigned to a Service Area with the listed settings.

        To fix this problem, either create a Service Area with the same settings or change the line settings on Cisco Unified Communications Manager.

        Scheduling Synchronization

        Provisioning provides a command line script utility that can be used to schedule periodic processor and Domain synchronizations. The synchronization script enables you to regularly schedule a subset of the synchronization operations at different periodic intervals and across multiple time zones. The sync.sh file is available at /opt/cupm/sep/build/bin/ folder.

        To schedule synchronization:

        Procedure
          Step 1   Login to the Provisioning server as root using SSH.
          Step 2   Enter crontab -e to edit a copy of the crontab file in vi editor.
          Step 3   Press the i key to enter insert mode.
          Step 4   To run synchronization at regular intervals, enter the following: minute hour day-of-the-month month day-of-week command-to-be-executed
          where:
          • Minute-Valid range is from 0 to 59.
          • Hour-Valid range is from 0 to 23.
          • Day of the month-Valid range is from 1 to 31.
          • Month-Valid range is from 1 to 12.
          • Day of the week-Valid range is from 0 to 6 (Sunday = 0).

          For example, to run Call Processor synchronization at 3:24 pm every day, enter the following:

          24 15 * * * /opt/cupm/sep/build/bin/sync.sh callprocessor

          To run Message Processor synchronization at 8:24 pm every day, you would enter the following command:

          24 20 * * * /opt/cupm/sep/build/bin/sync.sh messageprocessor

          See Command Line Script Utility Options for information on Command Line Script utility options.

          Note    Run man 5 crontab for information on other cron commands.
          Step 5   Press ESC key to exit insert mode, and then press : to enter the command line.
          Step 6   Enter wq to write and quit the editor.
          Step 7   Enter crontab -l to see if the file is saved.

          Command Line Script Utility Options

          The command line script utility options are as follows:

          Mass Sync Usage: ./sync.sh [callprocessor | messageprocessor | presenceprocessor | activedirectory | domain | all] [<option>]

          Mass Synchronization invokes synchronization operations for all objects of the specified class. Both infrastructure and subscriber synchronizations run for each processor. The order of the synchronization is as follows: call processor, unified message processor, presence processor, and then domain.

          Granular Sync Usage: ./sync.sh [-g <filename>] [<option>]

          Granular Synchronization invokes synchronization operations that are specified in a formatted file, where
          • <filename>—is a text file that has lines of the appropriate format: <object class>.<object name>: <sync type> that is,
            • cp.Test-UCM: infra
            • mp.all: sub
            • pp.all: both—equivalent to the [presenceprocessor] mass sync
            • ad.all:—ActiveDirectory mass sync
            • domain.Test-Dom:
          • <option>—(Optional field) the following are available as options:
            • test—Allows a script to run without performing any syncs, but list the processors and Domains that will be synchronized.
            • abortonfail—Instructs the script to quit after a synchronization failure. If this parameter is not specified, the sync script will continue on success or failure.
            • forcedomainsync—Allows the domain sync to be performed even if one of the devices in the domain had a failed sync. If this parameter is not specified, then the domain sync will not proceed if there are device sync errors.
            • parallel—runs the device syncs in parallel
            • help—Displays usage information.

          For example, if you want to run granular synchronization at 1:15 pm every Saturday, enter the following command:

          15 13 * * 6 /opt/cupm/sep/build/bin/sync.sh -g granularsyncfilename

          Configuring Directory Search Synchronization Source

          To configure user data service (UDS), you must set the directory source. Directory source can be either LDAP server or Call Processor. If LDAP server is set as the directory source, UDS will be disabled in Provisioning. By default, LDAP server is set as the directory source. For enabling UDS, you must set the directory source as Call Processor.

          You cannot enable UDS, if any of the Call Processor is integrated with LDAP. After enabling UDS, if a LDAP integrated Call Processor is added to Provisioning, Provisioning will disable the UDS automatically by setting the directory source as LDAP server.

          The processor against which the first service is ordered for a user will be set as the home cluster for the user.

          If UDS is enabled, when a user is removed from the home cluster, Provisioning will delete the corresponding user details from the other Call Processor clusters.

          You can enable directory search synchronization while adding a new Call Processor or choose to do it later.

          To configure the directory search synchronization source:

          Procedure
            Step 1   Choose Deploy > Unified Communication Services.
            Step 2   Click Use Communication Manager for Directory Data.
            Step 3   Click Apply.

            Directory search synchronization will add the user details to all Call Processors that are 9.x and above. Depending on the number of users, this operation may take several hours and may impact system performance.

            Unified Communication Services page will be updated to show the synchronization status for each affected cluster. If synchronization fails, an error message and links to the log files will be displayed.


            Synchronizing an LDAP Server with Provisioning

            You can synchronize the information in a Lightweight Directory Access Protocol (LDAP) server with Provisioning. Provisioning can use this information to create new users, update existing user information, or delete user. You configure the LDAP server synchronization to determine which actions should be performed.

            For information on setting up Provisioning to use an LDAP server, see Configuring Provisioning to Use LDAP and ACS Servers.

            Configuring LDAP Server Synchronization

            To configure LDAP Server Synchronization:

            Procedure
              Step 1   Choose Design > User Provisioning Setup.
              Step 2   From the Domains table, select a Domain and click Edit.
              Step 3   In the Domain Configuration page, select an LDAP Server.
              Step 4   In the LDAP Settings pane, you configure the information Provisioning gets from the LDAP server. (For descriptions of the fields in this page, see ).
              Step 5   For all the changes on the LDAP server to be synchronized to Provisioning, select the following:
              • Mode—Authentication and Synchronization.
              • Update existing user details—All fields.
              • Action when LDAP users deleted—Delete user only.
              • User Search base—Enter a user search base.
              • Filter query for synchronization—Synchronize all users.
              Step 6   Click Save.

              To schedule synchronization, set the Synchronization Interval and Synchronization Start Date in the LDAP Settings pane.

              After saving the Domain Configuration page, select the Domain and hover over Quick view. Select Start LDAP Synchronization.

              After an LDAP synchronization, a report is created. The report lists the operations that could not be performed during synchronization. Operation failure can be due to incorrect data entered into the LDAP server or incorrect user settings.


              Note


              You cannot delete an LDAP server which is associated to a Domain. You must remove the LDAP server from the Domain to delete it.
              Table 3 LDAP Settings Fields

              Field

              Description

              Mode

              • Authentication Only—The LDAP server is used only for user authentication.
              • Authentication and Synchronization—The LDAP server is used both to provide user authentication and to obtain user information.

              Update Existing User Details

              • All fields—If any user information is changed in the LDAP server, the same information is updated in Provisioning.
              • Do not update—User information in Provisioning is not updated when there are changes to the user information in the LDAP server.

              Action when LDAP users deleted

              • Do not delete—When a user is deleted in the LDAP server, the corresponding user in Provisioning is not deleted.
              • Delete user only—When a user is deleted in the LDAP server, the corresponding user is deleted in Provisioning alone.
              • Delete user with services—When a user is deleted in the LDAP server, only the corresponding user service is deleted in the device and in Provisioning. The user is not deleted in the device, but deleted in Provisioning.

              User Search Base

              The user search base. Provisioning searches for users under the base. CN-Users, DC-Cisco, DC-com.

              This search base is used only for LDAP synchronization; it is not used for authentication.

              In the Microsoft Active Directory server, you can use the command dsquery user to list the complete user search base.

              Field Mapping

              Lists which user fields in Cisco Unified Communications Manager correspond to certain LDAP user fields. The only fields you can configure in Provisioning are the following:

              • Contact phone number—Select either telephone number or ipPhone.
              • Contact email—Select either mail or sAMAccountName.
              • User ID—User ID can be mapped to the following fields in LDAP server:
                • employeeNumber
                • mail
                • sAMAccountName
                • telephoneNumber
                • userPrincipalName

              For a list of all field mapping between Provisioning and the LDAP server, see Table 2.

              Filter Query for Synchronization

              • Synchronize all users—All users will be synchronized.
              • Simple query—You can configure a query by using a combination of the following fields:
                • User ID
                • Department
                • Contact phone number
                • Contact email You can use an asterisk (*) for a partial string search.
              • Advanced query—You can enter any LDAP query; for example: (&(sAMAccountName=johndoe)(department=Cisco*)(mail=john@cisco.com)).

              The table below lists the field mapping between Provisioning and the LDAP server. The data in the specified Provisioning field is synchronized with the user data in the corresponding LDAP field.

              Table 4 LDAP Field Mapping

              Provisioning Field

              LDAP Field

              Phone Number

              telephoneNumber or ipPhone number.

              Email

              mail or sAMAccountName.

              User ID

              User ID can be mapped to the following fields in LDAP server:

              • employeeNumber
              • mail
              • sAMAccountName
              • telephoneNumber
              • userPrincipalName

              First Name

              givenName.

              Last Name

              sn.

              LDAP Synchronization Report

              This section provides explanations for some of the messages that can appear in the LDAP Synchronization report.

              The following users were not created because they are already present in another Domain: user1, user2

              The listed users are present in the LDAP server, but could not be created in Provisioning in the current Domain, because they are already present in another Domain.

              To fix this problem, delete the users from the other Domain and run the LDAP synchronization again.

              Deletion of User and associated services failed for the following users: UserId, OrderId, Status

              This message appears when Delete user with Services is enabled, and deleting the user and services from the device and from Provisioning fails. In order to delete the services in a device, a single order is created for each user and the order status is shown in the above report with the order ID. You have to manually delete these users and corresponding services. You can click on the link provided for the user ID in the above report to access these user records.

              The following user and associated services were deleted successfully: UserId, OrderId, Status

              This message appears when Delete user with Services is enabled, and deleting the user and services from the device and from Provisioning succeeds.

              The following users were not deleted because the delete option was not set: user1 user2

              The users were deleted in the LDAP server, but they were not deleted during the LDAP synchronization, since Do not delete is enabled.

              To fix this problem, enable either Delete User Only or Delete User with Services option, and run the LDAP synchronization again.

              Synchronizing Special Directory Numbers

              Prior to the Provisioning 9.5 release, Provisioning would only synchronize those Directory Numbers (DN) whose endpoints are managed by Provisioning and will not have a complete knowledge of the DNs configured by Cisco Unified Communications Manager. There might be instances of few special DNs configured on Cisco Unified Communications Manager.

              Special Directory Numbers:

              • The DN features which are present in Cisco Unified Communications Manager but not managed by Provisioning. For example, Intercom DN.
              • The DN attached to endpoints which are not managed by Provisioning.

                Note


                Provisioning has a limited support of endpoints and does not support all the endpoints available in Cisco Unified Communications Manager.


              In Provisioning 10.0, you can synchronize all special DNs as part of user synchronization. This feature will be disabled by default. To enable this feature, you must add the following property to /opt/cupm/sep/ipt.properties file:

              
              dfc.ipt.cisco.ccm.sync.orphanDN=true
              

              Note


              After updating the ipt.properties file, you must restart the cupm services for the changes to take effect.

              When this feature is enabled, the provisioning orders are validated from Provisioning, rather than submitting it to Cisco Unified Communications Manager which results in failure.

              Provisioning and Special DN conditions:

              Any provisioning activity carried out from Provisioning, which tries to re-use such special DNs, would result in provisioning failure.

              • When the provisioning line is auto-assigned, Provisioning would skip if the DN is already used.
              • When the provisioning line is chosen manually, Provisioning would throw an error during provisioning.