cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
295
Views
10
Helpful
2
Replies

Call Manager 8/Unity Connection 8/Active Directory

jdheltneIBM
Level 1
Level 1

Due to support reasons, we have a seperate AD for our Call Manager/Unity environment and have now run into an issue.  We have full AD integration and with this users have to authenticate to AD when they go to their own page in Call Manager to do things like create address books and such.  Our issue is, this AD is ONLY used for the VOIP environment, and therefore no one normally logs onto this domain other than for this function.  For this reason we need a way to manage users and passwords via Call Manager.  Is there a way to allow an end user to set their passwords in AD via Call Manager?  We are looking for any solution, even if it means having to use the SDK.  All help is greatly appreciated.

2 Replies 2

William Bell
VIP Alumni
VIP Alumni

Jason,

That is an interesting setup for sure. There is no way to do this from the CUCM side. The passwords in AD are never pulled down by the CUCM DirSync service and there is no mechanism to reset the passwords from within the UC apps (admin or end user portals).

You could look at MS or 3rd party tools. I have seen people stand up their own web server and use some .NET APIs to provide end user web interfaces to do the job. I suppose if you are open to that concept, you could build an application on a web server that is a member of your UC-only domain. You could use it as a launch point to get to other end user portals (CUCM, Unity Connection/Unity) and provide an option to reset passwords.

Regards,

Bill (http://ucguerrilla.com)

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

I think it migh be worth spelling out a little about why you have this design to start with.

It certainly sounds like it hasn't been properly thought through...

For example, reasons why I would integrate a CUCM to AD are:

1) So that users can authenticate to it with their standard creds. Does not apply to you.

2) So that users can access a directory with more than just the CUCM users in it. Sounds like since this was built for CUCM, it will only have CUCM users in it

3) Because you have to, becuase you want to use Jabber for X which requires LDAP to be in reasonable shape

If it's just for reason 3, then you could simply have an AD with users in it, and not integrate CUCM to it. That way CUCM controls the passwords, and as long as the users match on a field (e.g. usernames match, or another field in LDAP matches the CUCM username) then all will be well.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: