Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3318
Views
10
Helpful
9
Replies

Search Filter for TMS AD integration

Go to solution
jilfersalam
Level 1
Level 1

‎06-13-2012 01:26 PM - edited ‎03-17-2019 11:19 PM

We are provisioning Jabber video/Movi in TMS. We are unable to pull users defined by a group Policy.

This is how the AD structure Looks like, were we need to pull the users.

CN=U_VideoConferencing_Clients,OU=Video Conferencing,DC=local,DC=xyz

We have an OU with Video Conferencing in which there is a group policy called U_VideoConferencing_Clients. Any  users created in the OU Video Conferencing, TMS is able to see after integration. But any users defined by the group policy U_VideoConferencing_Clients inside OU Video Conferencing is not being pulled by TMS.

Read in the documents a search filter is requred to add these users. Anyone have any idea on the search filter to be used?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Magnus Ohm
Cisco Employee
Cisco Employee
In response to jilfersalam

‎06-13-2012 02:28 PM

Hey jilfersalam

Are you able to import the users using this searchfilter?

(&(objectClass=user)(memberOf=CN=U_VideoConferencing_Clients,OU=Video Conferencing,DC=local,DC=xyz))

/Magnus

View solution in original post

Go to solution
Zac Colton
Cisco Employee
Cisco Employee
In response to jilfersalam

‎06-13-2012 03:04 PM

Jilfer,

For the source configuration, you would want to configure the Base DN of DC=xyz,DC=local. The Relative Search DN would be the rest of the AD structure where all of the user accounts would fall. If all of the users are in an OU=Users (or a sub-OU or folder thereof) that exists at the root of you domain, the Relative Search DN would be OU=Users. How this works is that the ldap query that is ran against AD will find all users in OU=Users,DC=xyz,DC=local that are a member of what is defined in the memberOf search filter.

I also just noticed something else from what ou have posted. is you domain local.xyz or xyz.local? If it is xyz.local, the end of the strings would be DC=xyz,DC=local. This include the memberOf string.

Zac

View solution in original post

9 Replies 9

Go to solution
Zac Colton
Cisco Employee
Cisco Employee

‎06-13-2012 02:12 PM

jilfersalam,

I'm a little unclear of your AD tree. Is U_VideoConferencing_Clients a folder or a security group? From the sounds of it, it seems it is a security group. For the AD search, the Base DN and Relative Search DN with describe the actual location of the user accounts. If you then want to filter the list of those users to only be the users that are member of a specific security group, you would then add a search filter of something like memberOf=CN=U_VideoConferencing_Clients,OU=Video Conferencing,DC=local,dc=xyz. The location of where the security group resides in AD does not matter. You will just need to make sure that the full path of its actual location is correct in the string for the memberOf filter. For example, if you have an OU off your root that contains your security groups call "Security Groups", the memberOf would equal CN=U_VideoConferencing_Clients,OU=Security Groups,DC=local,DC=xyz.

Zac

0 Helpful

Go to solution
jilfersalam
Level 1
Level 1
In response to Zac Colton

‎06-13-2012 02:22 PM

Hello Zac

Thank You for the reply.

Yes, it is a security group. As per the system admin, the Security Group is called U_VideoConferencing_Clients, which resides in the OU Video Conferencing, So the syntax we gave for the search filter was exatly what u mentioned,

memberOf=CN=U_VideoConferencing_Clients,OU=Video Conferencing,DC=local,dc=xyz

But it was not pulling the users in the Security Group, is there anything additional we need to give?

0 Helpful

Go to solution
Magnus Ohm
Cisco Employee
Cisco Employee
In response to jilfersalam

‎06-13-2012 02:28 PM

Hey jilfersalam

Are you able to import the users using this searchfilter?

(&(objectClass=user)(memberOf=CN=U_VideoConferencing_Clients,OU=Video Conferencing,DC=local,DC=xyz))

/Magnus

Go to solution
Marnus van der Nest
Level 1
Level 1
In response to Magnus Ohm

‎08-01-2017 01:23 AM

Hi Guys, 

I want to revive this post as I ma having issues and cant import contacts using this method as well. I am using LDAP string 

OU=Resources,OU=Users,OU=Johannesburg,OU=Corporate,DC=South32,DC=Net

test is okay, but contacts not importing. Trying to import Meeting rooms only. Which is located in the Resources OU

0 Helpful

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni
In response to Marnus van der Nest

‎08-01-2017 08:11 AM

The easiest solution is to have your meeting rooms be a member of a group, and simply import that group using a search filter similar to Mangus' reply.

0 Helpful

Go to solution
Zac Colton
Cisco Employee
Cisco Employee
In response to jilfersalam

‎06-13-2012 02:32 PM

jilfersalam,

What is the configuration of the Base DN and Relative Search DN? Do all of the user accounts that are a member of the security group exist in that path?

Zac

0 Helpful

Go to solution
jilfersalam
Level 1
Level 1
In response to Zac Colton

‎06-13-2012 02:40 PM

Hello Magnus

I will try out the search filter once i am on site and update you guys.

Zac,

Base DN xyz.local is the root of the AD, the actual users might be in an OU called users. I am not very good on AD side, if you can ellobrate your question, i can get back to you it once i discuss it with the system admins once i am on site.

thanks

Jilfer

0 Helpful

Go to solution
Zac Colton
Cisco Employee
Cisco Employee
In response to jilfersalam

‎06-13-2012 03:04 PM

Jilfer,

For the source configuration, you would want to configure the Base DN of DC=xyz,DC=local. The Relative Search DN would be the rest of the AD structure where all of the user accounts would fall. If all of the users are in an OU=Users (or a sub-OU or folder thereof) that exists at the root of you domain, the Relative Search DN would be OU=Users. How this works is that the ldap query that is ran against AD will find all users in OU=Users,DC=xyz,DC=local that are a member of what is defined in the memberOf search filter.

I also just noticed something else from what ou have posted. is you domain local.xyz or xyz.local? If it is xyz.local, the end of the strings would be DC=xyz,DC=local. This include the memberOf string.

Zac

Go to solution
jilfersalam
Level 1
Level 1
In response to Zac Colton

‎06-14-2012 12:02 AM

Hello Zac,

Thanks for taking time in explaining it. As you mentioned, we were not configuring the correct releative search DN. Once we gave the correct relative search DN , together with the search filter that magnus posted, i was able to pull all the users defined by the security group.

Thank you guys for the support.

Jilfer

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents