I have a working LDAP Filter on the IP Phone field in the AD User
However, I am having trouble creating a working LDAP filter on a custom group in AD. I have tried several
Does anyone have any advice ?
Solved! Go to Solution.
Got it working!!
This filter grabs all users within the group i specified below. A_VOIP-SoftPhone
Just FYI, if someone is reading this, I'm using DC=ad but some of you may use DC=com
an easy way of finding your path, go to your Active Directory Users and Groups, find your group, right click, properties, attribute editor, then find your distinguished name and that will be what you can use. You can then test this by adding a New "Saved Query" define the query, custom query, Advanced, then enter in your LDAP query and save. It should then show you the list of members in the group.
This is an example of a filter that we use to filter on membership in a group.
Thank you for the information. I am trying to apply this LDAP filter to Cisco Directory Connector and I keep getting an error during a dry sync. I cant seem to add a filter based on your above advice.
Unhandled exception has occurred in your application.
Index was out of range. Must be non-negative and less than the size of the collection
What version of the Directory Connector do you use? We have up to recently used group membership as a filter criteria in DC and that worked.
@Roger KallbergI appreciate your assistance. I upgraded to 3.7.1001.64569
Ironically, I run the working sync I still get the warning message I described above. However, it does match many of the objects when I click continue. So the dry synch works.
But when I perform a dry sync on the User LDAP Filter on my Security Group, it doesnt match anything. Many of the users added to the system are in this group, so there should be many matches.
For reference these are the settings that we have.
I blurred out any company specifics.
We are on this version currently, but have been on prior releases also when using member of group as a filter criteria.
In the search path you have DC=ad and in the filter you have DE=ad. Likely one of them are incorrect, check this and test again.
You also should check that the search base is set to a point in your directory so that it sees all users that you want to bring into Control Hub.
Sorry about the typo, I got dumped out and retyped it queickly to post it here. But this is the sync that I ran
Just to make sure, do the search base DN “OU=Groups,DC=XXXX,DC=ad” contain the users that you want to bring into Control Hub based on the filter?
Thank you for being patient and helping me with this.
the XXXX.ad domain > Groups has a group name A_VOIP_SoftPhone which has the members I want to sync. Many of these members were manually added via CSV (including myself) so should show matches during the dry run sync. Just checked the Group members and they are all there.
I do get that the group is there and that the users are members of the group, but what I ask is do that OU also actually contain the user objects as such? If not you would need to alter the search base to a point that is higher up in the directory tree. This setting point to where the search will start, it would search for users from this point and downwards in the directory tree.
That makes sense. My apologies, I am very good with the UCM side but not so much the AD hierarchy. I will get the right path and let you know how it goes.