We have a Win2K Server with a clean Active Directory installation.
We have installad a Call Manager 3.1 which is a stand alone server (not member of the domain but we have also tried with a member server).
We have installed the "Customer Directory Configuration Plugin" on the CCM as specified in the above document.
We selected "express cfg", inserted the proper AD hostname (port 389), we have manually created the Cisco OU under Active Directory, and changed the User search attribute into "user id". We have inserted the Directory Administrator Password.
After this we have chosen to use the EXISTING Schema (but we have tried both)
All this worked fine with no errors and it updated the AD Schema (under the Cisco OU created we had another CCN OU and several sub-OUs). Furthermore a user called "CTI Framework" was created in AD.
The problem is now in creating and searching for users in the Call Manager.
If we insert a user from the Call Manager "Add User" page, it says that access is denied after we hit the Insert button ("Could not update user -2100 Access Denied").
NOTE: A profile was created into the AD Cisco/CCN/Profiles but no user has been added to Active Directory.
What was wrong with our installation procedure? The problem is that there is a little documentation about this and we really don't know what to do!!!
Note that adding users in Global Directory of CCMAdmin by default is not allowed when using the external directory. The reason it is setup that way is 1) by default, we expect the people in charge of the directory system to add/change/delete users, not the CallManager administrators, and 2) specifically with Active Directory (not sure about Netscape) we don't have a way to set or change user passwords in the directory since we are not implementing the proprietary Windows API to do this. So the passwords have to be set in the Active Directory GUI.
If you want to be able to add users to the AD from CCMAdmin, you can go into the registry, and go to:
1. Don't make a production CallManager a domain controller. Just don't do it.
2. Don't make a production CallManager a domain controller. Just don't do it. (yes I meant the answers to be the same)
If you want to make remote management easier, you can make the CallManager a member server in an NT domain or Active Directory.
But that has nothing to do with user data stored in LDAP. That is a separate animal. Even if you make the CM a member server it will still use DC Directory. If you want to use AD to store AVVID related user information you would use the customer directory plugin. But again that has nothing to do with who is a domain controller and who is a member server.
We fully agree with these concepts. It is ok for us to create users only in Active Directory.
But the matter is:
How do make these users visible to the Call Manager?
And some parameters like the PIN, or the telephone number or the IP Phone association, how can they be associated with the user?
These parameters cannot be found in the normal "Active Directory User properties". And when we search for users from the CCMAdmin we cannot find anybody.
By the way we have already tried to set the Registry key to true but we were still not able to insert users in the AD from the Call Manager. The answer which was given was the one we have posted in our previous message ("Access Denied").
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...
The below trick might come handy when you have to add a new node to a cluster but you don't have or is unsure of the security password for the publisher. This procedure has been around for ages.
1) Login into the CLI of the Publisher.