.. _update-a-user: Update a User ------------- .. _20.1.1|VOSS-551: .. _20.1.1|EKB-6059: Users are typically added or updated on VOSS Automate from the sync source, e.g. LDAP, CUCM, CUC, etc. See :ref:`user-sync-source` for more details. .. important:: Sync Source precedence may override user input. If you update a user on VOSS Automate: * that exists on a sync source * has mapped fields * has a higher precedence than LOCAL (VOSS Automate) data Only the mapped fields will be updated from the sync source. The data of these fields will be updated from the sync source and not the user input added in VOSS Automate. The Admin Portal would typically render these fields read-only. For user authentication method (Auth Method) changes upon updates, see :ref:`authentication-method-setting-rules`. **Sync Source Scenarios** * :ref:`add-user-sync-scenarios` * :ref:`update-user-sync-scenarios` * :ref:`ldap-add-sync-scenarios` * :ref:`ldap-update-delete-sync-scenarios` See also :ref:`user-field-mapping`. **Additional Info** .. note:: Updating an Admin user who has become a subscriber creates a sync with the application highest on the User Sync Source precedence, and according to the field mapping for that source. The sync occurs once you click **Save**. If the Admin user password is *updated*, user passwords on Unified CM, Unity and WebEx are also updated if these have been provisioned for the user. .. note:: Since different UC apps can have different password strictness rules, the update transaction will only succeed if the strictness rules of *all* the UC apps have been met. Otherwise, the update transaction will roll back. Administrators should therefore choose a password that meets the requirements of all the UC apps. If the user was added as a Microsoft Active Directory LDAP user (see: :ref:`create_a_user`), then: * Additional fields on the User tabs are exposed that can be saved to the Microsoft Active Directory LDAP server. * Updates to user details on the **LDAP** form tab will update the Microsoft Active Directory LDAP server when clicking **Save**. * If user updates made directly on the Microsoft Active Directory LDAP server will reflect on VOSS Automate once the user is again synced in VOSS-4UC from the **Sync & Purge** menu. On the button bar on the associated **Users** form, there are additional actions available to manage a user: * **Align Hierarchy to Sync Source** For example, if the user's sync source is 'CUCM', and the data/User is at Customer level and the CUCM user is at Site level, then the data/User instance will be moved from Customer level to the CUCM's hierarchy, i.e. Site level * **Align Hierarchy to User** All other related instances of the User (e.g. CUCM, device/cucm/User, device/cuc/user, etc.) will be moved to the hierarchy of the data/User instance. * **Delete From Ldap** If the user was also added to a Microsoft Active Directory LDAP server, (see: :ref:`create_a_user`), then the user can also be removed from the server using this menu. The user's **User Details** tab will then reset the **Sync Source** and **Sync Type** of the user according to the Sync Source precedence. If this menu option is used for users on LDAP servers that are not Microsoft Active Directory LDAP servers on port ``636`` and with **Enable Write Operations** checked, the delete transaction will fail. * **Push To Ldap** This menu must be used when adding user details on the **LDAP** form tab for the *first time* and first adding the LDAP user - see: :ref:`create_a_user`. Thereafter, the **Save** button will also update the LDAP user details on the LDAP server. However, if any user details have been updated for the LDAP server, this **Push To Ldap** menu option will also save these. * If this menu option is used for users on LDAP servers that are not Microsoft Active Directory LDAP servers on port ``636`` and with **Enable Write Operations** checked, the transaction will fail with a message "Write Operations not enabled on LDAP server". * For VOSS Automate LDAP synced users, the **LDAP** tab will show a message that Push to LDAP is not allowed. See :ref:`create_a_user`