Cisco Support Community

New Member

When to use AD LDS?

We have a single Forest with Multiple Domain Trees.

We want to configure both LDAP authentication and LDAP synchronization to support Cisco UC endpoints (Cisco UC Manager, Rel. 8.x).  I understand that if we had multiple Forests in our environment we would need to implement AD LDS.  However, because we have a single Forest we have the option not to use AD LDS.

My question is: if I do use AD LDS, does it allow me greater flexibility in terms of user ID?

According to this document:

In order to support LDAP authentication with multiple Trees (Figure 16-14), the UserPrincipalName (UPN) attribute must be used as the user ID.

However, if I configure AD LDS, I can pull user accounts from my different domain trees into a single target DN.  This configuration would then give me the flexibility of:

     a) not needing to point to a global catalog because the single AD LDS would solve any delays due to a geographically distributed domain architecture

     b) allow me to choose uid, mail, employeeNumber, telephoneNumber, or userPrincipalName as the User Id field

Should I configure AD LDS in my single Forest environment based on the above argument?
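The question of which attribute can serve as the user ID across several domain trees comes down to one property: the value must be present on every account and unique across the merged set, otherwise two accounts map to the same UC user and authentication can land on the wrong one. The following is an added example, not code from the post or from Cisco, that runs that check over constructed sample entries from two domain trees; the candidate attribute names follow the list in the post (uid standing in for the per-domain logon name), and every account, DN and value is made up for illustration.

```python
# Added example (not from the original post): check which candidate user-ID
# attributes are present on every entry and unique across accounts merged
# from several domain trees, as an AD LDS consolidation or multi-tree sync
# would see them. All entries below are constructed sample data.

# Constructed entries from two domain trees in one forest. The two "jsmith"
# accounts are different people with the same per-domain logon name.
SAMPLE_ENTRIES = [
    {"dn": "CN=jsmith,OU=Users,DC=corp,DC=example",
     "uid": "jsmith",
     "userPrincipalName": "jsmith@corp.example",
     "mail": "john.smith@corp.example",
     "employeeNumber": "1001",
     "telephoneNumber": "+1 555 0101"},
    {"dn": "CN=jsmith,OU=Users,DC=sub,DC=other,DC=example",
     "uid": "jsmith",
     "userPrincipalName": "jsmith@other.example",
     "mail": "jane.smith@other.example",
     "employeeNumber": "2002",
     "telephoneNumber": "+1 555 0101"},   # shared desk phone: collides
    {"dn": "CN=alee,OU=Users,DC=corp,DC=example",
     "uid": "alee",
     "userPrincipalName": "alee@corp.example",
     "mail": "alee@corp.example",
     "employeeNumber": "",                 # not populated for this account
     "telephoneNumber": "+1 555 0102"},
]

# The user-ID choices named in the post.
CANDIDATE_ATTRIBUTES = ("uid", "mail", "employeeNumber",
                        "telephoneNumber", "userPrincipalName")


def find_collisions(entries, attribute):
    """Return {value: [dn, ...]} for values of `attribute` shared by more
    than one entry. Comparison is case-insensitive, as LDAP matching rules
    for these attributes usually are. Empty values are skipped here and
    reported by missing_values() instead."""
    by_value = {}
    for entry in entries:
        value = entry.get(attribute, "")
        if not value:
            continue
        by_value.setdefault(value.lower(), []).append(entry["dn"])
    return {value: dns for value, dns in by_value.items() if len(dns) > 1}


def missing_values(entries, attribute):
    """DNs of entries that have no value for `attribute`; such accounts
    would be skipped or mis-keyed by a sync that uses it as the user ID."""
    return [entry["dn"] for entry in entries if not entry.get(attribute)]


def usable_user_id_attributes(entries, candidates=CANDIDATE_ATTRIBUTES):
    """Candidates that are populated on every entry and unique across the
    merged set, i.e. safe to use as the user ID for this population."""
    return [attr for attr in candidates
            if not find_collisions(entries, attr)
            and not missing_values(entries, attr)]


if __name__ == "__main__":
    for attr in CANDIDATE_ATTRIBUTES:
        print(attr,
              "collisions:", find_collisions(SAMPLE_ENTRIES, attr),
              "missing:", missing_values(SAMPLE_ENTRIES, attr))
    print("usable as user ID:", usable_user_id_attributes(SAMPLE_ENTRIES))
```

On this sample the per-domain logon name collides as soon as two trees are merged, while the UPN stays unique because it carries the domain suffix, which is the reason behind the quoted requirement to use UPN for multi-tree authentication. Running the same check against a real export of the intended target DN, before committing to a user ID attribute, shows whether the other choices are actually unique and populated for that population.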