Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Search Filter for TMS AD integration

We are provisioning Jabber video/Movi in TMS. We are unable to pull users defined by a group Policy.

This is how the AD structure Looks like, were we need to pull the users.

CN=U_VideoConferencing_Clients,OU=Video Conferencing,DC=local,DC=xyz

We have an OU with Video Conferencing in which there is a group policy called U_VideoConferencing_Clients. Any  users created in the OU Video Conferencing, TMS is able to see after integration. But any users defined by the group policy U_VideoConferencing_Clients inside OU Video Conferencing is not being pulled by TMS.

Read in the documents a search filter is requred to add these users. Anyone have any idea on the search filter to be used?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Search Filter for TMS AD integration

Hey jilfersalam

Are you able to import the users using this searchfilter?

(&(objectClass=user)(memberOf=CN=U_VideoConferencing_Clients,OU=Video Conferencing,DC=local,DC=xyz))

/Magnus

Cisco Employee

Search Filter for TMS AD integration

Jilfer,

For the source configuration, you would want to configure the Base DN of DC=xyz,DC=local. The Relative Search DN would be the rest of the AD structure where all of the user accounts would fall. If all of the users are in an OU=Users (or a sub-OU or folder thereof) that exists at the root of you domain, the Relative Search DN would be OU=Users. How this works is that the ldap query that is ran against AD will find all users in OU=Users,DC=xyz,DC=local that are a member of what is defined in the memberOf search filter.

I also just noticed something else from what ou have posted. is you domain local.xyz or xyz.local? If it is xyz.local, the end of the strings would be DC=xyz,DC=local. This include the memberOf string.

Zac

9 REPLIES
Cisco Employee

Search Filter for TMS AD integration

jilfersalam,

I'm a little unclear of your AD tree. Is U_VideoConferencing_Clients a folder or a security group? From the sounds of it, it seems it is a security group. For the AD search, the Base DN and Relative Search DN with describe the actual location of the user accounts. If you then want to filter the list of those users to only be the users that are member of a specific security group, you would then add a search filter of something like memberOf=CN=U_VideoConferencing_Clients,OU=Video Conferencing,DC=local,dc=xyz. The location of where the security group resides in AD does not matter. You will just need to make sure that the full path of its actual location is correct in the string for the memberOf filter. For example, if you have an OU off your root that contains your security groups call "Security Groups", the memberOf would equal CN=U_VideoConferencing_Clients,OU=Security Groups,DC=local,DC=xyz.

Zac

Community Member

Search Filter for TMS AD integration

Hello Zac

Thank You for the reply.

Yes, it is a security group. As per the system admin, the Security Group is called U_VideoConferencing_Clients, which resides in the OU Video Conferencing, So the syntax we gave for the search filter was exatly what u mentioned,

memberOf=CN=U_VideoConferencing_Clients,OU=Video Conferencing,DC=local,dc=xyz

But it was not pulling the users in the Security Group, is there anything additional we need to give?

Cisco Employee

Search Filter for TMS AD integration

Hey jilfersalam

Are you able to import the users using this searchfilter?

(&(objectClass=user)(memberOf=CN=U_VideoConferencing_Clients,OU=Video Conferencing,DC=local,DC=xyz))

/Magnus

Community Member

Hi Guys, 

Hi Guys, 

I want to revive this post as I ma having issues and cant import contacts using this method as well. I am using LDAP string 

OU=Resources,OU=Users,OU=Johannesburg,OU=Corporate,DC=South32,DC=Net

test is okay, but contacts not importing. Trying to import Meeting rooms only. Which is located in the Resources OU

VIP Super Bronze

The easiest solution is to

The easiest solution is to have your meeting rooms be a member of a group, and simply import that group using a search filter similar to Mangus' reply.

Cisco Employee

Search Filter for TMS AD integration

jilfersalam,

What is the configuration of the Base DN and Relative Search DN? Do all of the user accounts that are a member of the security group exist in that path?

Zac

Community Member

Search Filter for TMS AD integration

Hello Magnus

I will try out the search filter once i am on site and update you guys.

Zac,

Base DN xyz.local is the root of the AD, the actual users might be in an OU called users. I am not very good on AD side, if you can ellobrate your question, i can get back to you it once i discuss it with the system admins once i am on site.

thanks

Jilfer

Cisco Employee

Search Filter for TMS AD integration

Jilfer,

For the source configuration, you would want to configure the Base DN of DC=xyz,DC=local. The Relative Search DN would be the rest of the AD structure where all of the user accounts would fall. If all of the users are in an OU=Users (or a sub-OU or folder thereof) that exists at the root of you domain, the Relative Search DN would be OU=Users. How this works is that the ldap query that is ran against AD will find all users in OU=Users,DC=xyz,DC=local that are a member of what is defined in the memberOf search filter.

I also just noticed something else from what ou have posted. is you domain local.xyz or xyz.local? If it is xyz.local, the end of the strings would be DC=xyz,DC=local. This include the memberOf string.

Zac

Community Member

Search Filter for TMS AD integration

Hello Zac,

Thanks for taking time in explaining it. As you mentioned, we were not configuring the correct releative search DN. Once we gave the correct relative search DN , together with the search filter that magnus posted, i was able to pull all the users defined by the security group.

Thank you guys for the support.

Jilfer

2255
Views
10
Helpful
9
Replies
CreatePlease to create content