Author Topic: AD to MiCollab sync - post install  (Read 4359 times)

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4104
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
AD to MiCollab sync - post install
« on: August 10, 2016, 04:41:00 PM »
I am really struggling with a client who wants AD integration for login credentials after the install... I am able to get MiCollab to sync properly and pull in the AD directory, prune down the detained queue to just the users with the appropriate credentials, tweak a few things and get it to import and match... sometimes.

I am trying to figure out what needs to match in AD and MiCollab users to make it work... It seems like First and Last names must match, because I have gotten some to work and just setting the Role to Standard User and save it, but 4 out of 5 times it creates a new user with the same first and last name, but no services except MiCollab. If I put the extension number in the detained list, it fails every time saying it can't create the extension (because it already exists on the user).

I guess what I am trying to get at is, what do I have to get to match between the MiCollab user and the AD entry to make it match the two properly so the MiCollab user can use their AD credentials?

Does that make any sense?


Offline VinceWhirlwind

  • Hero Member
  • *****
  • Posts: 899
  • Country: au
  • Karma: +31/-0
    • View Profile
Re: AD to MiCollab sync - post install
« Reply #1 on: August 10, 2016, 07:11:11 PM »
That's an interesting question.
I've thought about this scenario (Existing MCD with extensions on it, new MiCollab that needs users provisioned on it) and my conclusion was that
a. AD integration is essential - you look very silly installing something on their desktop and telling them they have yet another password to manage
b. You can't provision a user in MiCollab using an extension that already exists on the MCD
UNLESS
c. If you go into your MiCollab, Network elements, pick the MCD your user's extension lives on, disable SPP, (repeat for their resilient controller) then provision user via IDS on MiCollab, then re-enable SPP, everything should work
OR
d. If I want to provision a user whose extention is already on the controller, first delete the extension from the controller, then second provision them via IDS.
 
I'm pretty sure I had a hunt around Mitel documentation, but although there is lots of doco, very little of it is in the form of white papers offering solutions to real-world scenarios. The MAS I&M Guide even has an appendix called "Greenfields MAS on Brownfields MCD", but it doesn't give you much.
The closest document to offer anything useful was one called "Virtual Appliance Deployment (Jan2016)" which has some good stuff in it.

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4104
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: AD to MiCollab sync - post install
« Reply #2 on: August 10, 2016, 10:55:17 PM »
Actually, with a ton of playing around and a few phone calls I figured it out... This MiCollab server was completely configured and deployed with users, in a 3 MCD cluster supporting about 600 users using SDS & SPP between MiCollab and the rest of the cluster.

You have to match first and last name, plus login ID (which means a lot of editing by hand in MiCollab user database)... then in the AD detained list set the Role to Standard and save. The AD credentials are imported into the user, leaving all the other services intact, but most of the info in the User tab becomes grayed out and controlled by AD (name, login ID, password, department, location, etc).

What was killing me was the Primary Phone entry, if it existed it would just error out, so I remapped it in the AD configuration from Primary Phone to DID Number and was able to finally make a breakthough. The customer had the 10 digit mapped in the telephoneNumber field anyway, so it worked out.

So far I have gotten through about 50 users, another 550 or so to go. :/

Offline VinceWhirlwind

  • Hero Member
  • *****
  • Posts: 899
  • Country: au
  • Karma: +31/-0
    • View Profile
Re: AD to MiCollab sync - post install
« Reply #3 on: August 10, 2016, 11:55:32 PM »
OK, I can see how that would work.
I'd have to compare the effort involved in manually editing 600 user records v. deleting them and re-provisioning them, and then manually re-creating keys and ring groups and so forth if required.
Your method might win out in most cases.

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4104
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: AD to MiCollab sync - post install
« Reply #4 on: August 11, 2016, 07:09:29 AM »
OK, I can see how that would work.
I'd have to compare the effort involved in manually editing 600 user records v. deleting them and re-provisioning them, and then manually re-creating keys and ring groups and so forth if required.
Your method might win out in most cases.
lol... I don't even have that option, this is a live system in a hospital so it's needed 24/7/365.

Offline johnp

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2209
  • Country: us
  • Karma: +67/-0
    • View Profile
Re: AD to MiCollab sync - post install
« Reply #5 on: August 11, 2016, 06:58:51 PM »
Great info


 

Sitemap 1 2 3 4 5 6 7 8 9 10