RE:CUCM 220.127.116.110-3. 1 X Pub / 2 x Sub.
We are in the process of installing a new CUCM cluster and are looking to integrate with MS W2K3 AD for user
authentication, however, the issue we have encountered is regarding permissions:
The AD domain contains 10k user accounts with 900 OUs. We wish to, initially, populate the CUCM with users from 10 of these OUs (approx 500 users). When a user is created in AD they automatically have read access to the full directory, our LDAP DN user, defined in the authentication agreement on CUCM, will therefore have read access to the whole AD. Since we want to populate users from 10 OUs (and more in the future) we canot set explicit authentication agreements for each OU. Also, if we
were to use permissions to filter users to be imported into CUCM, our AD admin would have to set explicit denys on each of the 890 OUs. Is there an alternative way of filtering to import just the users we need?