Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

AD Groups and VCS Authentication

I am thinking about setting up my VCS with direct AD authentication for MOVI users.   I have a group in the AD containing all our MOVI users. The problem is I do not see how to restrict authentication to only that group. I do not see a setting on the VCS authentication config page.  Am I missing something?

Everyone's tags (1)
VIP Purple

Hello Eli -It's not possible

Hello Eli -

It's not possible to specify a base DN for users or groups when setting up Active Directory Services for device authentication on the VCS, as the VCS is just used to authenticate the user's password when they try to sign in.  What determines if they can attempt to sign in using ADS is if they have an account within TMSPE, if they don't have an account, they won't authenticate to AD via the VCS.  With that said, you can limit who gets imported into TMSPE by specifying AD groups.  Starting on bottom of pg 26 of the Cisco-TMSPE-with-VCS-Deployment-Guide-1-2, covers how to setup importing users into TMSPE using AD.

New Member

Thanks Patrick.What about

Thanks Patrick.

What about using H.350 directory for authentication? It has a base DN parameter...

However, it looks like it stores the password as clear text along with the entry. Meaning that users will not be able to authenticate using their AD username and password and that defeats the purpose of this exercise. 


Is there a way to configure authentication in such a way that it would be limited to a certain group only, check against AD username and password and work withour relying on the provisioning server?  I want users with other than MOVI clients, any SIP client to be exact, to be able to authenticate using their own username and password stored in AD. Is that an option at all?




CreatePlease to create content