Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AD integration with multiple CM clusters

I have a single domain with multiple DCs and two CM 3.3.3 clusters, one of which has already been integrated into AD. I have completed the build f the second cluster (which will be connected via intercluster trunk)

My question is, what is the impact, process, for integrating the second cluster into AD, especially given the fact that EM is in use at both sites, and both sites are in the same domain, and share the same user OU structure.

any help would be greatly appreciated.

New Member

Re: AD integration with multiple CM clusters

I have done the same thing with my site. I have not used EM however, but I have found just with Device Association, that if you setup a user on cluster A and assign devices, then goto cluser B and assign devices, the assigned devices of B will over write those of A. Other then that I have not had too many issues. I dont know if EM would work between clusters...

New Member

Re: AD integration with multiple CM clusters

That's great info - thanks. I guess my additional concerns are writing into the objects themselves. if you look at the objects using adsi edit, there are setting for the EM server specification, cm server information etc. I do not want the servers stepping on each other, or the users getting the wrong url for em login etc. what do you thing about specifying a seperate OU for the second cluster? Same for unity, basically, instead of using the Cisco OU, specifying a NYCISCO OU or something to that end?

New Member

Re: AD integration with multiple CM clusters

for those interested - this is where I am at so far...

Guidelines/requirements for integrating multiple CCM clusters with AD:

1) There are several known issues with integrating multiple clusters prior

to CCM 3.3(2)

2) Even with CCM 3.3(2), the customer needs to realize and acknowledge that

integrating multiple CM clusters with the same AD does not get them user

mobility across clusters. In particular, they *CANNOT* and *MUST NOT*

associate devices/services from different clusters with the same user

otherwise unpredictable things can take place

3) They must plan and decide what values to use for USERBASE and USER

CREATION BASE across the multiple clusters. Note that these values can be

the same across all of the clusters

4) They must use *DIFFERENT* values for CISCOBASE in the different clusters.

5) If all the clusters are running the same version of the CCM, then they

should extend the schema only from the first cluster that they integrate

with AD. If they attempt to extend the schema from multiple clusters they

will get duplicate schema errors.

6) If they are running different versions of CCM across the multiple

clusters then they *MUST* make sure that they have installed the schema from

the cluster that is running the latest CM version (the directory schema is

backwards compatible)

7) Finally, before they implement this functionality in production they

*MUST* test it out in the lab as our QA team does not test this

configuration in the lab.


CreatePlease login to create content