User Moves, Adds, and Changes Guide for Cisco Unity Connection Release 10.x
Creating User Accounts from LDAP User Data or Changing LDAP Integration Status for Existing Users in Cisco Unity Connection 10.x
Downloads: This chapterpdf (PDF - 341.0KB) The complete bookPDF (PDF - 4.99MB) | Feedback

Table of Contents

Creating User Accounts from LDAP User Data or Changing LDAP Integration Status for Existing Users in Cisco Unity Connection 10.x

Creating Unity Connection 10.x Users from LDAP Data By Using the Import Users Tool

Creating Unity Connection 10.x Users from LDAP Data By Using the Bulk Administration Tool

Changing the LDAP Integration Status of Unity Connection Users

Changing the LDAP Integration Status of an Individual Unity Connection User

Changing the LDAP Integration Status of Multiple Unity Connection User Accounts in Bulk Edit Mode

Integrating Existing Unity Connection User Accounts with LDAP User Accounts Using Bulk Administration Tool

Integrating Existing Unity Connection User Accounts with LDAP User Accounts

Determining Whether a Unity Connection User Account Integrated with an LDAP User Account

Determining Whether a Unity Connection User Account Integrated with an LDAP User Account

Creating User Accounts from LDAP User Data or Changing LDAP Integration Status for Existing Users in Cisco Unity Connection 10.x

To create Cisco Unity Connection user accounts from LDAP user data, you use one of the following methods:

You can also integrate existing Unity Connection user accounts with LDAP user accounts, whether or not the accounts were originally created by importing Cisco Unified CM users. For more information, see the appropriate section:

To determine whether a Unity Connection user account is integrated with an LDAP user account, see the appropriate section:

Creating Unity Connection 10.x Users from LDAP Data By Using the Import Users Tool

When you configured Cisco Unity Connection to integrate with an LDAP directory by using the procedures in the “ Integrating Cisco Unity Connection 10.x with an LDAP Directory ” chapter of the System Administration Guide for Cisco Unity Connection Release 10.x (available at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/10x/administration/guide/10xcucsagx.html), you synchronized Unity Connection data with data in the LDAP directory. That process invisibly imported the LDAP data into a hidden Cisco Unified Communications Manager database on the Unity Connection server. When you use the Import Users tool to create Unity Connection users, you import the data from the Cisco Unified CM database into the Unity Connection database.


Caution When you entered values in the LDAP Setup page, you selected a field in the LDAP directory that would be imported into the User ID field in the hidden Cisco Unified CM database and, from there, into Unity Connection. The LDAP field that you chose must have a value for every user in the LDAP directory. In addition, every value for that field must be unique. Any LDAP user who does not have a value in the field you choose cannot be imported into Unity Connection.

When you create user accounts this way, Unity Connection takes data from the LDAP fields that you specified on the LDAP Directory Configuration page, and fills in the remaining information from the user template that you specify. You cannot use Connection Administration to change data in the fields whose values come from the LDAP directory. Instead, you must change the values in the LDAP directory.

If you have configured Unity Connection to periodically resynchronize Unity Connection data with LDAP data, new values in the LDAP directory are automatically imported into the Unity Connection database during the next automatic resync. However, if new users have been added to the LDAP directory, this resynchronization does not create new Unity Connection users. You must manually create new Unity Connection users by using either the Import Users tool or the Bulk Administration Tool.

To Create Cisco Unity Connection Users by Importing LDAP User Data


Step 1 Sign in to Cisco Unity Connection Administration as a user that has the System Administrator role.

When a cluster is configured, sign in to the publisher server.

Step 2 Expand Users and select Import Users .

Step 3 In the Find Unified Communications Manager End Users In list, select LDAP Directory .

Step 4 If you want to import only a subset of the users in the LDAP directory with which you have integrated Unity Connection, enter the applicable specifications in the search fields.

Step 5 Select Find .

Step 6 In the Based on Template list, select the template that you want Unity Connection to use when creating the selected users.


Caution If you specify an administrator template, the users will not have mailboxes.


Note If you are importing a large number of users, you can change the number of rows (users) that are displayed on each page.


Step 7 Check the check boxes for the LDAP users for whom you want to create Unity Connection users.

Step 8 If necessary, enter extensions for the users that you want to create.

Step 9 Select Import Selected .


 

Creating Unity Connection 10.x Users from LDAP Data By Using the Bulk Administration Tool

When you configured Cisco Unity Connection to integrate with an LDAP directory by using the procedures in the “ Integrating Cisco Unity Connection 10.x with an LDAP Directory ” chapter of the System Administration Guide for Cisco Unity Connection Release 10.x (available at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/10x/administration/guide/10xcucsagx.html ), you synchronized Unity Connection data with data in the LDAP directory. That process invisibly imported the LDAP data into a hidden Cisco Unified Communications Manager database on the Unity Connection server.

When you use the Bulk Administration Tool to create Unity Connection users, you:

1. Export the data from the Cisco Unified CM database into a CSV file.


Caution Do not attempt to manually create a CSV file that contains the required data, which is error prone and likely to result in a variety of problems with the Unity Connection users whose accounts are integrated with the LDAP directory.

2. Update the CSV file. For example, you may use a formula in a spreadsheet application to convert the phone number that was exported from the LDAP directory into a Unity Connection extension.


Caution If any users in the LDAP directory were missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory and resynchronize the Unity Connection database with the LDAP directory. Do not enter the values in the CSV file and then import the CSV file; Unity Connection is not able to locate those users in the LDAP directory.

3. Import the updated CSV file into the Unity Connection database.

When you create user accounts this way, Unity Connection takes data from the CSV file and fills in the remaining information from the user template that you specify. You cannot use Connection Administration to change data in the fields whose values come from the LDAP directory. Instead, you must change the values in the LDAP directory.

If you have configured Unity Connection to periodically resynchronize Unity Connection data with LDAP data, new values in the LDAP directory are automatically imported into the Unity Connection database during the next automatic resynchronization. However, if new users have been added to the LDAP directory, this resynchronization does not create new Unity Connection users. You must manually create new Unity Connection users by using either the Import Users tool or the Bulk Administration Tool.

To Create Cisco Unity Connection Users by Using the Bulk Administration Tool


Step 1 Sign in to Cisco Unity Connection Administration as a user that has the System Administrator role.

Step 2 Expand Tools and select Bulk Administration Tool .

Step 3 Export the data that is currently in the hidden Cisco Unified CM database on the Unity Connection server:

a. Under Select Operation, select Export .

b. Under Select Object Type, select Users from LDAP Directory .

c. In the CSV File field, enter the full path to the file in which you want to save exported data.

d. Select Submit .

Step 4 Open the CSV file in a spreadsheet application or in a text editor, and update the data as applicable. For more information, see the “Using the Cisco Unity Connection 10.x Bulk Administration Tool” section.

Step 5 Import the data in the updated CSV file:

a. Sign in to Cisco Unity Connection Administration as a user that has the System Administrator role.

b. Expand Tools and select Bulk Administration Tool .

c. Under Select Operation, select Create .

d. Under Select Object Type, select Users with Mailbox .

e. In the CSV File field, enter the full path to the file from which you want to import data.

f. In the Failed Objects Filename field, enter the full path of the file to which you want Unity Connection to write error messages about users who could not be created.

g. Select Submit .

Step 6 When the import is complete, review the file that you specified in the Failed Objects Filename field to verify that all users were created successfully.


 

Changing the LDAP Integration Status of Unity Connection Users

To change the LDAP integration status of a Unity Connection user, you use one of the following methods, depending on your situation:

Regardless of the method you choose, note the following considerations which apply to all cases:

If you are integrating a Unity Connection user account with an LDAP user account, note the following:

  • If any users in the LDAP directory were missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory and resynchronize the Unity Connection database with the LDAP directory.
  • During the next scheduled synchronization of the Connection database with the LDAP directory, existing values for certain fields are overwritten with values from the LDAP directory.
  • If you have configured Unity Connection to periodically resynchronize Unity Connection data with LDAP data, new values in the LDAP directory are automatically imported into the Unity Connection database during the next automatic resynchronization. However, if new users have been added to the LDAP directory, this resynchronization does not create new Unity Connection users. You must manually create new Unity Connection users by using either the Import Users tool or the Bulk Administration Tool.

If you are breaking the association between a Unity Connection user account and an LDAP directory user account, note the following:

  • If Unity Connection is configured to authenticate passwords for web applications against the LDAP directory, the Unity Connection user will no longer authenticate against the LDAP password for the corresponding user. To enable the user to log on to Unity Connection web applications, you must enter a new password on the Edit > Change Password page.
  • If Unity Connection is configured to periodically synchronize with the LDAP directory, selected data for the Unity Connection user will no longer be updated when the corresponding data in the LDAP directory is updated.

Changing the LDAP Integration Status of an Individual Unity Connection User

To Change the LDAP Integration Status of an Individual Unity Connection User


Step 1 In Cisco Unity Connection Administration, click Users .

Step 2 On the Search Users page, click the alias of the user account.


Note If the user does not appear in the search results table, set the applicable parameters in the search fields at the top of the page, and click Find.


Step 3 On the Edit User Basics page, in LDAP Integration Status section, select the desired radio button:

  • Integrate with LDAP Directory—To integrate a Unity Connection user account with an LDAP user account, select this option. The Unity Connection alias must match the corresponding value in the LDAP directory. (On the System Settings > LDAP > LDAP Setup page, the LDAP Attribute for User ID list identifies the field in the LDAP directory for which the value must match the value of the Alias field in Unity Connection.)
  • Do Not Integrate with LDAP Directory—To break the association between a Unity Connection user account and an LDAP directory user account, select this option.

If the user was created by importing from Cisco Unified Communications Manager, the LDAP Integration Status field is grayed out and you must use Bulk Administration Tool to integrate them with an LDAP user account. See “Integrating Existing Unity Connection User Accounts with LDAP User Accounts Using Bulk Administration Tool” section.

Step 4 Click Save.


 

Changing the LDAP Integration Status of Multiple Unity Connection User Accounts in Bulk Edit Mode

To Change the LDAP Integration Status of Multiple Unity Connection Accounts in Bulk Edit Mode


Step 1 In Cisco Unity Connection Administration, on the Search Users page, check the applicable user check boxes, and select Bulk Edit.

If the user accounts that you want to edit in bulk do not all appear on one Search page, check all applicable check boxes on the first page, then go to the next page and check all applicable check boxes, and so on, until you have selected all applicable users. Then select Bulk Edit.

Step 2 On the User Basics page, in LDAP Integration Status section, select the desired radio button:

  • Integrate with LDAP Directory—To integrate a Unity Connection user account with an LDAP user account, select this option. The Unity Connection alias must match the corresponding value in the LDAP directory. (On the System Settings > LDAP > LDAP Setup page, the LDAP Attribute for User ID list identifies the field in the LDAP directory for which the value must match the value of the Alias field in Unity Connection.)
  • Do Not Integrate with LDAP Directory—To break the association between a Unity Connection user account and an LDAP directory user account, select this option.

Step 3 If applicable, set the Bulk Edit Task Scheduling Fields to schedule the Bulk Edit operation for a later date and/or time.

Step 4 Select Submit.

If any of the users were created by importing from Cisco Unified Communications Manager, Bulk Edit will log an error indicating that you must use the Bulk Administration Tool to integrate them with an LDAP user account. See “Integrating Existing Unity Connection User Accounts with LDAP User Accounts Using Bulk Administration Tool” section.


 

Integrating Existing Unity Connection User Accounts with LDAP User Accounts Using Bulk Administration Tool

The Bulk Administration Tool can be used to integrate existing Unity Connection users with LDAP user accounts, but it cannot be used to break the association between a Unity Connection user account and an LDAP directory user account.

When you configured Cisco Unity Connection to integrate with an LDAP directory by using the procedures in the “ Integrating Cisco Unity Connection 10x with an LDAP Directory ” chapter of the System Administration Guide for Cisco Unity Connection Release 10.x (available at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/10x/administration/guide/10xcucsagx.html ), you synchronized Unity Connection data with data in the LDAP directory. That process invisibly imported the LDAP data into a hidden Cisco Unified Communications Manager database on the Unity Connection server.

When you use the Bulk Administration Tool to integrate existing Unity Connection users with LDAP users, you do the following tasks, which update each Unity Connection user account with the LDAP user ID for the corresponding LDAP user account:

1. Export the data from the Cisco Unified CM database into a CSV file.

2. Update the CSV file to remove LDAP users who don’t have Unity Connection accounts and to remove Cisco Unified CM IDs, if applicable.


Caution If any users in the LDAP directory were missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory and resynchronize the Unity Connection database with the LDAP directory. Do not enter the values in the CSV file and then import the CSV file; Unity Connection is not able to locate those users in the LDAP directory.

3. Import the updated CSV file into the Unity Connection database.


Caution When you import LDAP user data into the Unity Connection database, existing values for the fields being imported are overwritten with values from the LDAP directory.

To Integrate Existing Cisco Unity Connection Users with LDAP Users


Step 1 For every Cisco Unity Connection user that you want to integrate with an LDAP user, if the value of the Unity Connection Alias field does not match the value of the LDAP user ID, use Cisco Unity Connection Administration to update the Unity Connection alias so that they do match.

Step 2 Sign in to Connection Administration as a user that has the System Administrator role.

Step 3 Expand Tools and select Bulk Administration Tool .

Step 4 Export to a CSV file the LDAP user data that is currently in the cache on the Connection server:

a. Under Select Operation, select Export .

b. Under Select Object Type, select Users from LDAP Directory .

c. In the CSV File field, enter the name of the file in which you want to save exported data.

d. Select Submit .

Step 5 Download and edit the CSV file that you created in Step 4:

  • Remove any Unity Connection users who you do not want to synchronize with users in the LDAP directory. For more information, see the “Using the Cisco Unity Connection 10.x Bulk Administration Tool” section.
  • For Unity Connection users who were originally created by importing data from Cisco Unified CM, enter %null% in the CcmId field.
  • Confirm that the LdapCcmUserId field contains the correct LDAP alias for each user.

Step 6 Import the data that you edited in Step 5:

a. Sign in to Cisco Unity Connection Administration as a user that has the System Administrator role.

b. Expand Tools and select Bulk Administration Tool .

c. Under Select Operation, select Update .

d. Under Select Object Type, select Users with Mailbox .

e. In the CSV File field, enter the full path to the file from which you want to import data.

f. In the Failed Objects Filename field, enter the name of the file to which you want Unity Connection to write error messages about users who could not be created.

g. Select Submit .

Step 7 When the import is complete, review the file that you specified in the Failed Objects Filename field to verify that all Unity Connection users were successfully integrated with the corresponding LDAP users.


 

Integrating Existing Unity Connection User Accounts with LDAP User Accounts

When you configured Cisco Unity Connection to integrate with an LDAP directory by using the procedures in the “ Integrating Cisco Unity Connection 10.x with an LDAP Directory ” chapter of the System Administration Guide for Cisco Unity Connection Release 10.x (available at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/10x/administration/guide/10xcucsagx.html ), you synchronized Unity Connection data with data in the LDAP directory. That process invisibly imported the LDAP data into a hidden Cisco Unified Communications Manager database on the Unity Connection server.

When you use the Bulk Administration Tool to integrate existing Unity Connection users with LDAP users, you do the following tasks, which update each Unity Connection user account with the LDAP user ID for the corresponding LDAP user account:

1. Export the data from the Cisco Unified CM database into a CSV file.

2. Update the CSV file to remove LDAP users who don’t have Unity Connection accounts and to remove Cisco Unified CM IDs, if applicable.


Caution If any users in the LDAP directory were missing values in the field that you specified on the LDAP Setup page in the LDAP Attribute for User ID list, you must add the missing values in the LDAP directory and resynchronize the Unity Connection database with the LDAP directory. Do not enter the values in the CSV file and then import the CSV file; Unity Connection is not able to locate those users in the LDAP directory.

3. Import the updated CSV file into the Unity Connection database.


Caution When you import LDAP user data into the Unity Connection database, existing values for the fields being imported are overwritten with values from the LDAP directory.

If you have configured Unity Connection to periodically resynchronize Unity Connection data with LDAP data, new values in the LDAP directory are automatically imported into the Unity Connection database during the next automatic resynchronization. However, if new users have been added to the LDAP directory, this resynchronization does not create new Unity Connection users. You must manually create new Unity Connection users by using either the Import Users tool or the Bulk Administration Tool.


Note You use the same process if the Unity Connection users were created by importing data from Cisco Unified CM. Step 5 in the following procedure explains how to delete the applicable Cisco Unified CM data.


To Integrate Existing Cisco Unity Connection Users with LDAP Users


Step 1 For every Cisco Unity Connection user that you want to integrate with an LDAP user, if the value of the Unity Connection Alias field does not match the value of the LDAP user ID, use Cisco Unity Connection Administration to update the Unity Connection alias so that they do match.

Step 2 Sign in to Connection Administration as a user that has the System Administrator role.

Step 3 Expand Tools and select Bulk Administration Tool .

Step 4 Export to a CSV file the LDAP user data that is currently in the cache on the Connection server:

a. Under Select Operation, select Export .

b. Under Select Object Type, select Users from LDAP Directory .

c. In the CSV File field, enter the full path to the file in which you want to save exported data.

d. Select Submit .

Step 5 Edit the CSV file that you created in Step 4:

Step 6 Import the data that you edited in Step 5:

a. Sign in to Cisco Unity Connection Administration as a user that has the System Administrator role.

b. Expand Tools and select Bulk Administration Tool .

c. Under Select Operation, select Update .

d. Under Select Object Type, select Users with Mailbox .

e. In the CSV File field, enter the full path to the file from which you want to import data.

f. In the Failed Objects Filename field, enter the full path of the file to which you want Unity Connection to write error messages about users who could not be created.

g. Select Submit .

Step 7 When the import is complete, review the file that you specified in the Failed Objects Filename field to verify that all Unity Connection users were successfully integrated with the corresponding LDAP users.


 

Determining Whether a Unity Connection User Account Integrated with an LDAP User Account

If you integrate Unity Connection user accounts with LDAP user accounts, you are not required to integrate every Unity Connection account with an LDAP account. In addition, you can create new Unity Connection accounts that are not integrated with LDAP accounts. To determine whether a Unity Connection account is integrated with an LDAP account, do the following procedure.

To Determine Whether a Unity Connection User Account Integrated with an LDAP Account


Step 1 In Cisco Unity Connection Administration, click Users .

Step 2 On the Search Users page, click the alias of the user account.


Note If the user does not appear in the search results table, set the applicable parameters in the search fields at the top of the page, and click Find.


Step 3 On the Edit User Basics page, the LDAP Integration Status field indicates whether or not the Unity Connection user account is integrated with an LDAP user account.

If the LDAP Integration Status field is grayed out, the user was created by importing from Cisco Unified Communications Manager.


 

Determining Whether a Unity Connection User Account Integrated with an LDAP User Account

If you integrate Unity Connection user accounts with LDAP user accounts, you are not required to integrate every Unity Connection account with an LDAP account. In addition, you can create new Unity Connection accounts that are not integrated with LDAP accounts. To determine whether a Unity Connection account is integrated with an LDAP account, do the following procedure.

To Determine Whether a Unity Connection User Account Integrated with an LDAP Account


Step 1 In Cisco Unity Connection Administration, click Users .

Step 2 On the Search Users page, click the alias of the user account.


Note If the user does not appear in the search results table, set the applicable parameters in the search fields at the top of the page, and click Find.


Step 3 On the Edit User Basics page, if the Unity Connection user account is integrated with an LDAP user account, the Status area will contain one of the following messages:

Active User Imported from LDAP Directory

Inactive User Imported from LDAP Directory

If neither of these messages appears in the Status area, the Unity Connection user account is not integrated with an LDAP user account.