Which of the following tasks cannot be performed by usi…

Your company synchronizes Microsoft Active Directory enduser accounts with UCM.
Which of the following tasks cannot be performed by using the UCM administrative GUI? (Select 2 choices.)

Your company synchronizes Microsoft Active Directory enduser accounts with UCM.
Which of the following tasks cannot be performed by using the UCM administrative GUI? (Select 2 choices.)

A.
assigning users to groups

B.
assigning an IP phone to a user

C.
assigning roles to user groups

D.
changing user PINs

E.
creating end-user accounts

F.
deleting end-user accounts

Explanation:
Because your company synchronizes Microsoft Active Directory end-user accounts with Cisco Unified
Communications Manager (UCM), you cannot create end-user accounts by using the UCM administrative
graphical user interface (GUI). In addition, you cannot delete end-user accounts by using the UCM
administrative GUI.
When UCM is configured to synchronize with a Lightweight Directory Access Protocol (LDAP) directory, such
as OpenLDAP or Microsoft Active Directory, the user ID and all user personal and organizational data that is
stored in the LDAP directory, except for passwords, are replicated to the UCM database. It is important to note
that the Cisco Directory Synchronization (DirSync) service must be activated before LDAP synchronization can
take place.
When LDAP synchronization is configured, UCM configures the synchronized data as readonly data and
acknowledges the LDAP directory as the central authority for creating and deleting user accounts. Therefore,
UCM prevents administrators from using the UCM GUI to add and delete users. None of the data that was
replicated to the UCM database can be modified by using the GUI. However, UCM user data that is not
managed by the LDAP directory, such as the user’s password and personal identification number (PIN), can be
modified in the UCM administrative GUI.
You can assign roles to user groups in the UCM administrative GUI, even if your company synchronizes
Microsoft Active Directory enduser accounts with UCM. UCM roles are configured with privileges that are
specific to UCM, such as the ability to log in to the administrative GUI and the ability to modify specific
configuration settings. Therefore, an administrator must be able to assign UCM roles to user groups in the UCM
administrative GUI so that the end users in those groups can perform tasks in the GUI. However, UCM
synchronization with LDAP overrides any role’s privilege to add or delete UCM end users.
You can assign users to groups in the UCM administrative GUI, even if your company synchronizes Microsoft
Active Directory enduser accounts with UCM. Because the user groups and user roles that control user
privileges in UCM are unique to UCM, administrators must be able to assign those groups and roles to end
users by using the UCM administrative GUI.You can assign an IP phone to a user in the UCM administrative GUI, even if your company synchronizes
Microsoft Active Directory enduser accounts with UCM. Because the enduser IP phone assignments are not
stored in Active Directory, administrators must be able to assign those devices to end users by using the UCM
administrative GUI.
You can change user PINs in the UCM administrative GUI, even if your company synchronizes Microsoft Active
Directory enduser accounts with UCM. Because the enduser PIN assignments are not stored in Active
Directory, administrators must be able to assign PINs to end users by using the UCM administrative GUI.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/8x/uc8x/directry.html#wp1067953



Leave a Reply 0

Your email address will not be published. Required fields are marked *