Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
4
Replies

Problem with UCCM 6.1 and AD shema

vjemin
Level 1
Level 1

‎11-18-2008 04:20 AM - edited ‎03-15-2019 05:05 AM

Hi

here is my problem:

I have two OU's in AD shema with different users. All these users I have on Call Manager (two different LDAP directories).

But, I can put only one LDAP Manager Distinguished Name in LDAP Authentication for End Users!!!

And because of that, only users from one OU can log to the ccmuser page!!!

How can I solve this problem?

I'm looking for the best practice solution for this problem.

Thanks in advance,

Vlaho

Labels:
0 Helpful
4 Replies 4

joel
Level 1
Level 1

‎11-18-2008 09:33 AM

Vlaho,

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/directry.html#wp1045296

check this out...

in the search base you do not have to point a particular OU, point it to the root domain, then it will search through all the OU's.

Additional Considerations for Microsoft Active Directory

A synchronization agreement for a domain will not synchronize users outside of that domain nor within a child domain because Unified CM does not follow AD referrals during the synchronization process. The example in Figure 18-10 requires three synchronization agreements to import all of the users.

-------Although Search Base 1 specifies the root of the tree, it will not import users that exist in either of the child domains. Its scope is only VSE.LAB, and separate agreements are configured for the other two domains to import those users.----------------

hope this helps....

JoeL

0 Helpful

joel
Level 1
Level 1
In response to joel

‎11-18-2008 09:35 AM

Another this you want to make sure is if the Admin account you use to sync with LDAP has permission for both the OU's..

Use a specific account within the corporate directory to allow the Unified CM synchronization agreement to connect and authenticate to it. Cisco recommends that you use an account dedicated to Unified CM, with minimum permissions set to "read" all user objects within the desired search base and with a password set never to expire. (When the password for this account changes in the directory, Unified CM must be reconfigured to take the change into account.)

0 Helpful

jrockhill
Level 1
Level 1
In response to joel

‎12-03-2008 03:19 PM

haven't touched this aspect for awhile, what is the common syntax used when adding the OU or the DC

0 Helpful

jrockhill
Level 1
Level 1
In response to jrockhill

‎12-03-2008 04:12 PM

Let me clarify that..hehe

I am adding ou=Users, dc=domain

but I am seeing no users after running the sync, was wondering if I was missing something

0 Helpful
Customers Also Viewed These Support Documents