cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1766
Views
9
Helpful
9
Replies

CUCM & LDAP integration

abhasjain
Beginner
Beginner

Hi,

Is it possible to integrate CUCM 8.0.3 with two different Microsoft AD forest for end user syncronization & authentication? If yes please let me know how?

Regards,

AJ

9 Replies 9

ashok_boin
Contributor
Contributor

Hi AJ,

As far as I know, it's not possible to integrate CUCM with 2 different AD forests. It supports only a single AD forest at max with multiple trees/domains.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/directry.html

Regards...

-Ashok.


With best regards...
Ashok

Hi Hillman,

Thanks for the link.

I have gone througth SRND in detail & it does not describe about multi - forest integration.

The other documnet require ADAM server for CUCM & multi forest AD integration. Is ADAM compulsary for multi forest integration. Will authorization also work in multi forest deployment?

Regards,

Abhas Jain

Disclaimer: I have not deployed myself, but it seems rather intuitive.

From what I have read it would be required, otherwise you would not be able to authenticate against a second, third, etc. forest.

Jaime Valencia
Hall of Fame Cisco Employee Hall of Fame Cisco Employee
Hall of Fame Cisco Employee

Note Microsoft Active Directory  Application Mode support is limited to those directory topologies  already supported with a native Active Directory connection. No  additional topologies, such as multi-forest, multi-tree single forest,  or global catalog are supported.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/8_0_2/ccmsys/a04direc.html

HTH

java

If this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate

So when Cisco speaks out both sides of it's mouth is the SRND the official doctrine?

I didn't mean that to be as snarky as it sounded.  I mean it literally.  Which one of the conflicting articles "wins?"

I think it might also be worth pointing out that synchronization and authentication are two different pieces that are only tangentially related.  You can pull users from multiple forests without ADAM, but authentication will require a single sign-on proxy esch. device.

Jaime Valencia
Hall of Fame Cisco Employee Hall of Fame Cisco Employee
Hall of Fame Cisco Employee

The info does seem conflicting, I found another place with the same statement. But a note on how to configure this.

Microsoft Active Directory Application Mode  support is limited to those directory topologies already supported with a  native Active Directory connection. No additional topologies, such as  multi-forest, multi-tree single forest, or global catalog are supported.

http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/rel_notes/8_0_1/delta/cmadmin.html

How to Configure Unified Communication Manager  Directory Integration in a Multi-Forest Environment

http://www.cisco.com/en/US/partner/products/sw/voicesw/ps556/products_configuration_example09186a0080b2b103.shtml

Since there is a whole note on this, it appears to be supported.

HTH

java

If this helps, please rate

www.cisco.com/go/pdihelpdesk

HTH

java

if this helps, please rate
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers