cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
424
Views
0
Helpful
4
Replies

Active Directory - another tree in the forest

CHAD MARSH
Level 1
Level 1

Is there any way for the CallManager AD plugin to be configured so that CCM can see users in another tree in the AD forest? We are currently pointing at the root domain, and can see users in that domain as well as users in child domains directly under that domain, but cannot see users in another tree in the same forest (i.e.: a separate name space).

For example if my domain was cisco.com and I am pointing at dc=cisco, dc=com

I can see users in the cisco.com domain, and users in the sub-domain eng.cisco.com, but not users in the linksys.com domain (although it is still a child of cisco.com but in a different name space).

Hopefully that makes sense, AD is not my forte.

Chad Marsh

CCIE 5185 R/S & ISP/Dial

4 Replies 4

sgit
Level 1
Level 1

Just a quick question regarding your setup. Are all your users in the AD located in the default Users OU or in a different one. If so how was the plug-in setup?

The plugin configuration is setup so that we point (userbase etc.)at the root domain (i.e.: dc=cisco,dc=.com)

90-95% but not all of the users in the initial deployment will be in the default Users container in the 'other tree' domain (i.e.: dc=linksys,dc=com).

The few test users we put there cannot be seen by either the corporate directory search on the phone or the Global Directory in CallManager administration. We can however see an object in the Global Directory called (linksys$) which is either the domain itself, or a trust, not sure... but we cannot see users inside it.

The customers AD administrator I have been working with says that the way AD works is the the account you are using has to 'change focus' in order to look inside this 'other tree' domain (i.e.: in AD Users & Computers, you have to go "Connect to Domain" before you can see users in the other domain) he doesn't know if there is a way to make the Enterprise Admin account we used in the plugin have the ability to see all domains simultaneously without having to "change focus" or whatever. This AD stuff is mostly greek to me....

cm

d-case1
Level 1
Level 1

Hi,

Would like to know how you got the AD plug-in to see users in a Child domain. So far I've had no luck.

Just by pointing at the root domain, I see users in child domains in the same name space, i.e.: if my root was cisco.com, and I point my userbase at dc=cisco,dc=com then I will see any users in that domain as well as users in children of that domain such as sj.cisco.com or eng.cisco.com.

Didn't have to do anything fancy, but I am not pointing specifically at a user container.

cm

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: