Cisco Cisco Unified Provisioning Manager 8.5 白書

Page 53 of 71

If a user is added into Active Directory, the user needs first to be synchronized to Communications Manager, and

then the user can be synchronized from Communications Manager to Cisco Unified Provisioning Manager. How

long it takes to get the user into Cisco Unified Provisioning Manager depends upon a couple of things:

●

How often Communication Manager does the synchronization from Active Directory (which is configured on

Cisco Unified Communications Manager), and

●

Whether a synchronization from Cisco Unified Communications Manager to Cisco Unified Provisioning

Manager is performed to automatically pull in the user to a domain, or whether a user is manually added in

Cisco Unified Provisioning Manager

To avoid performing Cisco Unified Provisioning Manager syncs after a user is added in Active Directory, a user

can be added in both Active Directory and Cisco Unified Provisioning Manager in parallel. With UPM 2.1, you can

also enable UPM LDAP sync to import users directly from LDAP. When services are ordered in Cisco Unified

Provisioning Manager, the services will not be activated until the Active Directory to Communications Manager

synchronization happens. But in this case, it is not necessary to do a Cisco Unified Provisioning Manager

subscriber sync after a user is added in Active Directory.

Behaviors for Adding/Deleting Subscribers in UPM and UCM (Non-LDAP-Integrated UCM)

If you add a new subscriber in UPM, pseudo-subscriber or not, the user initially exists only in UPM.

When you provision services for a pseudo-subscriber, only the phone settings get provisioned into Cisco Unified

Communications Manager. When you provision services for a real subscriber, the subscriber is created in UCM

and the phone settings get provisioned into UCM.

If you create a new subscriber in UCM, it will usually get into UPM after subscriber and domain sync. But if you

have sync rules such as “AssociateUsersByDevicePool” or “AssociateUsersByDevicePool” set up for a domain,

then the subscribers without phones will not show up in UPM. You will have to manually add those subscribers into

UPM.

If you delete a subscriber in UCM, UPM will not know it immediately because UCM does not have a notification

function. After subscriber sync and domain sync, UPM will remove the service association from the subscriber.

Phone services are not longer associated with the user. You can only delete or change them through the pseudo-

subscriber approach. See the section “How to Manage Phones Without Associated Users.”

If people have left the company, you can cancel their services and then remove those users from UPM. UPM will

remove those users along with their services from UCM. This is why you should manage your users from UPM, not

UCM. All your MAC work should be from UPM.

AAA Server Integration

Cisco Unified Provisioning Manager allows end users to configure Cisco Unified Provisioning Manager to use

authentication, authorization, and accounting for authentication while users are logging in to Cisco Unified

Provisioning Manager. Cisco Unified Provisioning Manager will neither retrieve authorization/accounting

information nor write any kind of information to the AAA servers. Cisco Unified Provisioning Manager 2.0 allows

the addition of LDAP servers and ACS servers (using TACACS+). Microsoft Active Directory Server 2003 is used

to test LDAP support.