04-15-2009 01:27 PM - edited 03-15-2019 05:07 AM
We are in process of deciding whether or not to integrate our new CUCM 6.13 cluster with AD via LDAP.
What are some of the pros and cons? Mostly cons!!
04-16-2009 07:36 AM
the only cons i could think of would be the need to manage users from AD (many consider it a pro, depends where you stand), that you can't reverse to internal directory, users are not deleted immediately but only after garbage process takes place.
PROS, you do not have to recreate every single user in CUCM, if you use things like presence deployment is way easier with an AD, you can use same for CUCMBE CUC or for your VM
HTH
java
if this helps, please rate
05-05-2009 10:30 AM
What did you mean with "you can't reverse to internal directory"?
05-07-2009 05:47 AM
I would say it depends upon how many users u are dealing with and what is the frequency of MAC(Moves ADDS and Changes)
Once you integrate you would be able to change some the fields on the phone page.
You would have to have create a dummy account for adding a phone which is not there in AD
In short a little control is lost by CCM Administrator
05-26-2009 05:15 PM
What do you mean by
"In short a little control is lost by CCM Administrator"
can you be more specific?
06-01-2009 11:55 AM
I was told that we have too many OUs that cannot be re-organized at this time to deliver what we want. Also the required filtering will not be available via AD. This was our AD group's answerâ¦.
06-02-2009 02:57 PM
Hi FureyaAtaker,
This is correct as there are import limiations with LDAP.
Regards,
Justin
06-02-2009 09:23 PM
Hi Justin,
What are these limitations? After integrating my CMBE version 7 with AD - it only imported half of the users I needed. I added numerous ways of setting up the search base but to no avail. If it's a hit and miss on the import - is this an AD issue on how the accounts were created. I had to break integration to add the missing accounts 'manually' -- no fun at all.
Regards,
Eddie
06-08-2009 12:37 AM
The best advice I can give is to read the LDAP Directory Integration section of the CUCM SRND.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/directry.html
There is a limitation of five synchronisation agreements (i.e. search bases within AD) which can be a restriction for larger AD environments.
Major benefit for most users is that user authentication for accessing CCMUser, CTI apps etc. is synced with AD - no need for separate user names/passwords.
Please rate if helpful.
06-10-2009 06:53 AM
The workaround for five synchronizaton agreements limitation is creating a user with Read access only to the OU's or containers you want to synchronize.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide