.. _managing_duplicate_usernames: Managing Duplicate Usernames ---------------------------- .. important:: The username must be unique within the hierarchy both upwards and downwards. User email must be unique system-wide. Users are created in a synchronization with LDAP or Cisco Unified CM, or they are created manually in the VOSS Automate. All users are created according to these duplicate username guidelines: * The username of a user cannot be updated if another user in the current hierarchy has the same username. This restriction includes above, below, or at the same level in the current hierarchy. * A user cannot be added if another user that is above, or was originally above before being moved, in the current hierarchy has the same username. * A user cannot be manually added if another user that is at the same level or below in the current hierarchy has the same username. * You cannot convert a user to a Subscriber / Unified CM user if another user at the same level or below the Unified CM in the current hierarchy has the same username. * A user may or may not be synchronized from LDAP or Unified CM if another user at the same level or below in the current hierarchy has the same username. This condition depends on the source of the existing user as shown in these tables: .. note:: The restriction on unique usernames in a hierarchy also applies to administrator users. Users Created in an LDAP Synchronization ........................................ +------------------------+-------------------------------------------+ | Original source of the | Action | | existing user | | +========================+===========================================+ | LDAP | Simple user update, if the user is coming | | | from the same LDAP server | +------------------------+-------------------------------------------+ | Cisco Unified CM | Update user, update provisioning status | | | with LDAP server and SyncTo info | +------------------------+-------------------------------------------+ | Manually created | Update user, update provisioning status | | | with LDAP server and SyncTo info | +------------------------+-------------------------------------------+ Users Created in a Cisco Unified CM Synchronization ................................................... +------------------------+-------------------------------------------+ | Original source of the | Action | | existing user | | +========================+===========================================+ | LDAP | User is not synchronized | +------------------------+-------------------------------------------+ | Cisco Unified CM | Simple user update, if the user is coming | | | from the same Cisco Unified CM server | +------------------------+-------------------------------------------+ | Manually created | Update user, update provisioning status | | | and SyncTo info with Unified CM server | +------------------------+-------------------------------------------+ The table below refers to Subscribers created in VOSS Automate using: * Subscriber Management > Subscribers * Subscriber Management > Quick Add Subscriber * Auto Push feature on Site Quick Add Subscriber and Subscriber Management create Subscribers and users, while Manage Users and the Auto Push feature convert existing users into Subscribers. Users Created in VOSS Automate and Pushed to Cisco Unified CM ................................................................. +------------------------+------------------------------------------+ | Original source of the | Action | | existing user | | +========================+==========================================+ | | Update user, update provisioning status | | LDAP | with Unified CM server (keep SyncTo info | | | the same) | +------------------------+------------------------------------------+ | Cisco Unified CM | No action or updates are necessary | +------------------------+------------------------------------------+ | | Update user, update provisioning status | | Manually created | with Unified CM server and update SyncTo | | | to the Cisco Unified CM hierarchy if the | | | current SyncTo is below it | +------------------------+------------------------------------------+ .. note:: * If a user cannot be created or updated during an LDAP or Unified CM synchronization, a log is created in User Management > Log Messages and the synchronization succeeds. If a user cannot be created or updated manually, an error message is generated. * If the duplicate user check fails, the transaction fails, and the user is not converted to a Subscriber. * If a user's SyncTo value is updated, SSO User updates can result. The SSO User's IDP is set to the IDP configured at the new SyncTo hierarchy node. If no IDP is configured at the new SyncTo hierarchy node, the SSO User is deleted, if it existed. If an IDP is configured at the new SyncTo hierarchy node, but no SSO User exists, an SSO User is created at the user's hierarchy node. * An update is blocked if two duplicate users are from the same source but originate from different servers.