Showing results for 
Search instead for 
Did you mean: 

CUCM LDAP Filter on Group


I have a working LDAP Filter on the IP Phone field in the AD User







However, I am having trouble creating a working LDAP filter on a custom group in AD. I have tried several



(&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)) (memberOf=CN=VoIPGroup,OU=SecondOU,OU=FirstOU,DC=DomainName,DC=com))



Does anyone have any advice ?




Accepted Solutions

Got it working!!

This filter grabs all users within the group i specified below. A_VOIP-SoftPhone


Just FYI, if someone is reading this, I'm using DC=ad but some of you may use DC=com

an easy way of finding your path, go to your Active Directory Users and Groups, find your group, right click, properties, attribute editor, then find your distinguished name and that will be what you can use. You can then test this by adding a New "Saved Query" define the query, custom query, Advanced, then enter in your LDAP query and save. It should then show you the list of members in the group.



View solution in original post


Roger Kallberg
VIP Mentor VIP Mentor
VIP Mentor

This is an example of a filter that we use to filter on membership in a group.



Response Signature

Thank you for the information. I am trying to apply this LDAP filter to Cisco Directory Connector and I keep getting an error during a dry sync. I cant seem to add a filter based on your above advice.


Unhandled exception has occurred in your application.

Index was out of range. Must be non-negative and less than the size of the collection


What version of the Directory Connector do you use? We have up to recently used group membership as a filter criteria in DC and that worked.

Response Signature



I can go ahead and update it.

@Roger KallbergI appreciate your assistance.  I upgraded to 3.7.1001.64569


Ironically, I run the working sync I still get the warning message I described above. However, it does match many of the objects when I click continue. So the dry synch works.


But when I perform a dry sync on the User LDAP Filter on my Security Group, it doesnt match anything. Many of the users added to the system are in this group, so there should be many matches.

Would you mind to take a screenshot of the tab in the configuration for DC and post here?

Response Signature

For reference these are the settings that we have.


I blurred out any company specifics.

We are on this version currently, but have been on prior releases also when using member of group as a filter criteria.

Response Signature

Here is my screenshots


In the search path you have DC=ad and in the filter you have DE=ad. Likely one of them are incorrect, check this and test again.

You also should check that the search base is set to a point in your directory so that it sees all users that you want to bring into Control Hub.

Response Signature




Sorry about the typo, I got dumped out and retyped it queickly to post it here. But this is the sync that I ran




Search base:OU=Groups,DC=XXXX,DC=ad



Just to make sure, do the search base DN “OU=Groups,DC=XXXX,DC=ad” contain the users that you want to bring into Control Hub based on the filter?


Response Signature

Thank you for being patient and helping me with this.


the domain > Groups has a group name A_VOIP_SoftPhone which has the members I want to sync. Many of these members were manually added via CSV (including myself) so should show matches during the dry run sync. Just checked the Group members and they are all there.



I do get that the group is there and that the users are members of the group, but what I ask is do that OU also actually contain the user objects as such? If not you would need to alter the search base to a point that is higher up in the directory tree. This setting point to where the search will start, it would search for users from this point and downwards in the directory tree.

Response Signature

That makes sense. My apologies, I am very good with the UCM side but not so much the AD hierarchy. I will get the right path and let you know how it goes.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: