10-26-2010 04:16 AM - edited 03-16-2019 01:32 AM
Hi,
Is it possible to integrate CUCM 8.0.3 with two different Microsoft AD forest for end user syncronization & authentication? If yes please let me know how?
Regards,
AJ
10-26-2010 04:44 AM
Hi AJ,
As far as I know, it's not possible to integrate CUCM with 2 different AD forests. It supports only a single AD forest at max with multiple trees/domains.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/directry.html
Regards...
-Ashok.
10-26-2010 06:14 AM
I'm pretty sure this is possible with an ADAM deployment.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/directry.html
I hope this helps.
10-26-2010 06:21 AM
Hi Hillman,
Thanks for the link.
I have gone througth SRND in detail & it does not describe about multi - forest integration.
The other documnet require ADAM server for CUCM & multi forest AD integration. Is ADAM compulsary for multi forest integration. Will authorization also work in multi forest deployment?
Regards,
Abhas Jain
10-26-2010 07:34 AM
Disclaimer: I have not deployed myself, but it seems rather intuitive.
From what I have read it would be required, otherwise you would not be able to authenticate against a second, third, etc. forest.
10-26-2010 07:37 AM
Note Microsoft Active Directory Application Mode support is limited to those directory topologies already supported with a native Active Directory connection. No additional topologies, such as multi-forest, multi-tree single forest, or global catalog are supported.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/8_0_2/ccmsys/a04direc.html
HTH
java
If this helps, please rate
www.cisco.com/go/pdihelpdesk
10-26-2010 07:43 AM
So when Cisco speaks out both sides of it's mouth is the SRND the official doctrine?
10-26-2010 08:37 AM
I didn't mean that to be as snarky as it sounded. I mean it literally. Which one of the conflicting articles "wins?"
10-26-2010 07:39 AM
I think it might also be worth pointing out that synchronization and authentication are two different pieces that are only tangentially related. You can pull users from multiple forests without ADAM, but authentication will require a single sign-on proxy esch. device.
10-26-2010 09:00 AM
The info does seem conflicting, I found another place with the same statement. But a note on how to configure this.
Microsoft Active Directory Application Mode support is limited to those directory topologies already supported with a native Active Directory connection. No additional topologies, such as multi-forest, multi-tree single forest, or global catalog are supported.
http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/rel_notes/8_0_1/delta/cmadmin.html
Since there is a whole note on this, it appears to be supported.
HTH
java
If this helps, please rate
www.cisco.com/go/pdihelpdesk
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide