LDAP Integration with AD

JAYESH RAMAIYA · ‎01-26-2012

Hi

I have a test CUCM 6.1 and Microsoft AD set up on VMWare.

I have taken a back up of our live CM and installed this into the test database as well as taken a live back up of our AD and installed this on the test Server.

CM currently has 2039 users and AD has over 4000 users. I want to integrate AD with CM. I have created an account in AD with Domain Admin rights. When I perform the sysnc all the 2039 users are there and are active, However the users in AD did not create in CM and the users I have in CM that I do not have in AD have also been synced.

Any assistance is appreciated.

Regards

Chris Deren · ‎01-26-2012

Are all the users in the container (i.e. OU) you are using as Search Base? Did you start Dirsync service?

Chris

JAYESH RAMAIYA · ‎01-26-2012

Hi Chris

Thnak for the reply. All the users are in the same OU.

The DirSync service boxed is ticked.

Regards

Jay

Chris Deren · ‎01-26-2012

Are you sure all 4000 users are defined as users and not other accounts?

Chris

Aaron Harrison · ‎01-26-2012

Hi Jayesh

Maybe post up some more screen grabs - your sync config from CUCM showing search base, and the OU structure in AD Users & Computers showing the location of the user accounts...

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

Dennis Mink · ‎01-26-2012

You dindnt define an ldap filter in cucm, that prevents the other 1900 users from

Being populated into cucm by any chance?

Please remember to rate useful posts, by clicking on the stars below.

JAYESH RAMAIYA · ‎01-30-2012

Hi

Thanks for the reply minkdennis.

Under system, LDAP, I have LDAP System, LDAP Directory and LDAP Authentication options avilable. I don't have LDAP filter.

Is there anyway I can access this

Thanks

Regards

Jay

Chris Deren · ‎01-30-2012

Access what?

LDAP filter was not available in your version via GUI, if I recall correctly it was only definable via CLI. So, if you did not define it there is no filter.

Chris

JAYESH RAMAIYA · ‎01-27-2012

Aaron Harrison · ‎01-30-2012

Hi Jayesh

Firstly - the default LDAP filter for AD is : (&(objectclass=user)(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

So custom LDAP filters replace this, and you should use this as a basis, e.g. to filter out users that have no first name: (&(&(objectclass=user)(givenName=*))(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

In your case, I think you have your agreement set up wrong. Your domain DN is :

dc=netlincs,dc=gov,dc=uk

f you wanted to just search the Netlincs/Netlincs User OU, your search base should be:

ou=netlincs users,ou=netlincs,dc=netlincs,dc=gov,dc=uk

Some contains (e.g. users or builtin) are 'special', so would be containers rather than OUs:

cn=users,dc=netlincs,dc=gov,dc=uk

Geddit?

Aaron Harrison

Principal Engineer at Logicalis UK

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!