Directory Services

Unanswered Question
Oct 15th, 2009


I have 2 CUCM clusters in my network. i also have 2 corporate Active directories.I have CUCM-1 LDAP sync with AD-1 and CUCM-2 LDAP sync with AD-2.

I am able to access the Directory button on my IP phone and vies the necesary details from corporate directory.

Now my requirement is from CUCM-1 i need to access the CUCM 2 Diretory services.

Lets say TOM is in AD-1 which is Synced with CUCM-1 and SAM is in AD-2 which is synced with CUCM-2.If SAM wants to retrieve TOM's contact details from the IP phone he will not be able to see it because there is no end user called "TOM" on CUCM-2.

My requirement is i need to be able to fetch the enduser details of other cluster also when i access directory on my IP phone.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
William Bell Thu, 10/15/2009 - 10:37

I am not sure which version of CUCM you are running. The standard answer for most versions is that you will need a custom corporate directory application. Cisco provides a sample application in the IP Phone Services SDK. You can download the SDK from Developer Community web site (

If you running CUCM7x then you can actually create a directory Phone Service by going to Device>Device Settings>Phone Services. Create a new service of type Directories and Category XML. Then set the Service URL to the following:


Of course that is just corporate directory. If you have CUCM 5x or later you could look at DirSync but you will need to do a thorough review on your environment before establishing sync agreements with two separate AD forests. Check out the SRND for your particular release of CUCM.

cjguinn Thu, 10/15/2009 - 11:25

I have this same issue. I did resolve it via a custom Script using ASP and XML. However after I upgraded to CUCM 7.1.2 and the latest Firmware on my 7965 IP Phones it no longer works as the coding is different so now I have to figure it all out again.

I am not going to this time.

I would like Cisco to provide a solution to this as I bet it is a common problem. They should have the ability to setup a VoIP Corporate Directory from the IP Phone. Looking around I see the Directory lookup rules, but this is not applicable to what we are trying to do.

I have a Flat MS AD Domain and my Global Sites are seperated by OU's. CUCM only allows up to 5 AD Integrations.....

Any ideas?

eoinwhite Wed, 11/04/2009 - 06:44

"I have a Flat MS AD Domain and my Global Sites are seperated by OU's. CUCM only allows up to 5 AD Integrations..... "

I have the exact same problem right now trying to work through it.

William Bell Wed, 11/04/2009 - 11:15

Depending on CUCM version, you have three options:

1. Establish multiple sync agreements. Clearly, this won't work for you or the previous poster so we can skip.

2. Use permissions ACL in AD to "block" access to OUs. If you wanted to filter specific OUs, you can specifically restrict or block Read permission for the Cisco DirSync account on OUs that you want to filter out.

3. Customizing the LDAP filter. There is a way to update the LDAP filter that CUCM DirSync uses to "filter" data from the LDAP. You can't edit this filter directly but can update it via AXL/SOAP. The default query is:


This filter is stored in the ldapfilter table. So, you could create a new, custom filter for your environment that leverages an existing or custom attribute to create an inclusive (or exclusive) filter to grab user objects you care about. Once you create the filter, you can then use the AXL API or AXL/SOAP Query toolkit (Plugins) to update the setting.

The path isn't very direct but it is viable. You basically can tag user objects that you are interested in and *only* grab objects you are interested in via the LDAP query mechanism. Very powerful and may be the best option given your situation.




This Discussion