- Cisco Employee,
Cisco Unified Communications Manager 7.x supports a Microsoft Active Directory forest with some limitations.
When synchronization is enabled with an AD forest containing multiple trees, multiple LDAP synchronization agreements are needed. Additionally, the UserPrincipalName (UPN) attribute is guaranteed by Active Directory to be unique across the forest and must be chosen as the attribute that is mapped to the Unified CM UserID.
When authentication is enabled with an AD forest containing multiple trees, a single LDAP search base cannot cover multiple namespaces. Unified CM must use a different mechanism to authenticate users across these discontiguous namespaces. The UserPrincipalName (UPN) attribute must be used as the user ID within Unified CM. When the user ID is the UPN, the LDAP authentication configuration page within Unified CM Administration does not allow you to enter the LDAP Search Base field, but instead it displays the note, "LDAP user search base is formed using userid information." In fact, the user search base is derived from the UPN suffix for each user.
Further details can be found at Cisco Unified Communications SRND Based on Cisco Unified Communications Manager 7.x > LDAP Directory Integration
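As an added illustration of the UPN-derived search base described above (not Cisco code and not part of the original post), the following Python sketch checks whether each user's directory entry sits under the search base implied by that user's UPN suffix. It assumes the base is the UPN suffix rewritten as DC components, which the post does not spell out; the function names and the sample users are constructed for the example.

```python
# Added illustration; not Cisco code. Assumption: the search base is the UPN
# suffix rewritten as DC components (the post only says "derived from").

def search_base_from_upn(upn):
    """Return the DC=... search base implied by a UPN's suffix."""
    user, sep, suffix = upn.rpartition("@")
    labels = suffix.split(".")
    if not sep or not user or not all(labels):
        raise ValueError(f"not a valid UPN: {upn!r}")
    return ",".join(f"DC={label.lower()}" for label in labels)


def dn_under_base(dn, base):
    """True if dn is at or below base. Naive comma split: fine for the
    sample DNs here, which contain no escaped commas."""
    dn_parts = [p.strip().lower() for p in dn.split(",")]
    base_parts = [p.strip().lower() for p in base.split(",")]
    return dn_parts[-len(base_parts):] == base_parts


def audit(users):
    """Return (upn, derived_base, ok) for each (upn, dn) pair."""
    report = []
    for upn, dn in users:
        base = search_base_from_upn(upn)
        report.append((upn, base, dn_under_base(dn, base)))
    return report


# Constructed sample export of (userPrincipalName, distinguishedName) pairs.
USERS = [
    # Tree 1: suffix matches the tree the user lives in.
    ("jdoe@example.com", "CN=John Doe,OU=Staff,DC=example,DC=com"),
    # Tree 2: a discontiguous namespace in the same forest.
    ("asmith@example.org", "CN=Ann Smith,OU=Staff,DC=example,DC=org"),
    # UPN suffix that does not match where the entry actually lives.
    ("bwong@mail.example.net", "CN=Bo Wong,OU=Staff,DC=example,DC=com"),
]

if __name__ == "__main__":
    for upn, base, ok in audit(USERS):
        status = "ok" if ok else "MISMATCH: entry is outside derived base"
        print(f"{upn:26} -> {base:32} {status}")
```

A user flagged as a mismatch has an entry that a search rooted at the derived base would not find, so such accounts are worth reviewing before UPN is chosen as the user ID.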