Jaime Valencia Thu, 04/16/2009 - 07:36

the only cons i could think of would be the need to manage users from AD (many consider it a pro, depends where you stand), that you can't reverse to internal directory, users are not deleted immediately but only after garbage process takes place.

PROS, you do not have to recreate every single user in CUCM, if you use things like presence deployment is way easier with an AD, you can use same for CUCMBE CUC or for your VM



if this helps, please rate

nesharm2 Thu, 05/07/2009 - 05:47

I would say it depends upon how many users u are dealing with and what is the frequency of MAC(Moves ADDS and Changes)

Once you integrate you would be able to change some the fields on the phone page.

You would have to have create a dummy account for adding a phone which is not there in AD

In short a little control is lost by CCM Administrator

redelabsdor Tue, 05/26/2009 - 17:15

What do you mean by

"In short a little control is lost by CCM Administrator"

can you be more specific?

FureyaAtaker Mon, 06/01/2009 - 11:55

I was told that we have too many OUs that cannot be re-organized at this time to deliver what we want. Also the required filtering will not be available via AD. This was our AD group's answer….

Justin Brenton Tue, 06/02/2009 - 14:57

Hi FureyaAtaker,

This is correct as there are import limiations with LDAP.



landichoe Tue, 06/02/2009 - 21:23

Hi Justin,

What are these limitations? After integrating my CMBE version 7 with AD - it only imported half of the users I needed. I added numerous ways of setting up the search base but to no avail. If it's a hit and miss on the import - is this an AD issue on how the accounts were created. I had to break integration to add the missing accounts 'manually' -- no fun at all.



James Hawkins Mon, 06/08/2009 - 00:37

The best advice I can give is to read the LDAP Directory Integration section of the CUCM SRND.


There is a limitation of five synchronisation agreements (i.e. search bases within AD) which can be a restriction for larger AD environments.

Major benefit for most users is that user authentication for accessing CCMUser, CTI apps etc. is synced with AD - no need for separate user names/passwords.

Please rate if helpful.

marina.kaminski Wed, 06/10/2009 - 06:53

The workaround for five synchronizaton agreements limitation is creating a user with Read access only to the OU's or containers you want to synchronize.


This Discussion